[PVE-User] Change pveproxy to tls1.2
Sten Aus
sten.aus at eenet.ee
Thu Feb 19 15:52:31 CET 2015
Hi
I updated to proxmox 3.4 and now I see that this line is back in
/usr/bin/pveproxy.
When I look at the git log, there's a line for removing tlsv1
- method => "tlsv1",
but after updating to 3.4, the line is still there.
*sslv2, sslv3 =>0 *are there, just as we talked in December.
Any comments?
Sten
On 02.12.14 15:11, Dietmar Maurer wrote:
>> It's hardcoded but works perfectly (I guess until next upgrade, but anyway).
>>
>> A way how to disable sslv3 and support tls1.2 and 1.1 is that:
>>
>> Edit file /usr/bin/pveproxy
>> Find "method => "tlsv1", comment it out.
>> Now "ssleay" supports all tls versions and ssl versions.
>> It's relatively easy to disable sslv3 by adding a line
>>
>> "sslv3 => 0,"
> just committed a fix for that:
>
> https://git.proxmox.com/?p=pve-manager.git;a=commitdiff;h=f6bc4a73d0f252bbae1d5a769068351ed1cc33a1
>
> I disabled both - just to be sure:
>
> + sslv2 => 0,
> + sslv3 => 0,
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20150219/29d4ecff/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3227 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20150219/29d4ecff/attachment.bin>
More information about the pve-user
mailing list