[PVE-User] Proxmox disable TLS 1

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Jul 26 11:22:12 CEST 2018


Hi,

Am 07/26/2018 um 11:05 AM schrieb Brent Clark:
> Good day Guys
> 
> I did a sslscan on my proxmox host, and I got the following:
> 
> snippet:
> Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 
> DHE 256
> Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
> Accepted  TLSv1.0  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
> Accepted  TLSv1.0  256 bits  AES256-SHA
> Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA
> Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 
> DHE 256
> Accepted  TLSv1.0  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
> Accepted  TLSv1.0  128 bits  DHE-RSA-SEED-SHA              DHE 2048 bits
> Accepted  TLSv1.0  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
> Accepted  TLSv1.0  128 bits  AES128-SHA
> Accepted  TLSv1.0  128 bits  SEED-SHA
> Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA
> 
> I need to remove / disable TLSv1.0. Google has not been able to be of 
> much help, for I get suggestions to edit
> /usr/bin/pveproxy and /etc/default/pveproxy and the list goes on.
> 
 > Can someone suggest how to fix this issue.

Ah yes, I posted a possible quick solution for this in the forum a bit
ago [0].

Edit /etc/default/pveproxy to have a line with:

CIPHERS="HIGH:!TLSv1:!SSLv3:!aNULL:!MD5"

then
systemctl restart pveproxy

and you should be good to go :-)

cheers,
Thomas

[0]: 
https://forum.proxmox.com/threads/disabling-tls-1-0-and-1-1-in-proxmox.35814/#post-175643





More information about the pve-user mailing list