What is responsible for encryption on your server - Apache or nginx? In nginx, you must specify the ssl_protocols TLSv1.2 directive; I'm not talking about Apache.
Programs typically use OpenSSL to support encryption.
OpenSSL 1.1.1d, which is capable of TLS 1.3, is in Debian 10. The version from Debian 9 was definitely capable of TLS 1.2.
If the version is too old, then no change in the configs will help.
1. Determine which software accepts your SSL connection.
This can be a balancer (haproxy, nginx, etc.) or a web server (nginx, apache, etc.).
2. Disable the use of TLS below 1.2 or hardcode the use of TLS 1.2 (the latter is not recommended, but may be necessary in some cases).
To do this you need to fix the configuration of the section that accepts external connections via https.
I would be guided by https://ssl-config.mozilla.org/ - a configurator from Mozilla. Just do not mindlessly copy what is written there - you need to understand what to set and where. This config generator is suitable for default installations or as a reference.
Before doing anything in the following paragraphs, I would first check which versions of TLS your web server supports: point https://www.ssllabs.com/ssltest/ at it - it will write in the report which versions of TLS your current software supports. If there is at least TLS 1.2 (and ideally 1.3), then you can get by with the configuration, without updating the software.
3. In severe cases, you may need to update the software that accepts the SSL connection.
4. Or OpenSSL on the machine.
5. Or update the software using either the latest versions of openssl
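A local check for step 2 of the answer above, as an added example that is not part of either answer: a Python script that finds every ssl_protocols directive in an nginx configuration and flags any protocol below TLS 1.2. The sample configuration and the function names are constructed for illustration.

```python
import re

# Protocol names nginx accepts in ssl_protocols, with a sortable version number.
VERSIONS = {"SSLv2": 0.2, "SSLv3": 0.3, "TLSv1": 1.0,
            "TLSv1.1": 1.1, "TLSv1.2": 1.2, "TLSv1.3": 1.3}
MINIMUM = 1.2  # the floor recommended in the answers above
# \b keeps proxy_ssl_protocols (nginx-to-upstream side) out of the match;
# only the directive for connections nginx itself accepts is audited here.
DIRECTIVE = re.compile(r"\bssl_protocols\s+([^;]+);")

# Constructed sample configuration (not taken from the page).
SAMPLE_CONFIG = """\
http {
    # ssl_protocols SSLv3 TLSv1;   (commented out, must be ignored)
    server {
        listen 443 ssl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    }
    server {
        listen 443 ssl;
        ssl_protocols TLSv1.2 TLSv1.3;
        location / { proxy_ssl_protocols TLSv1; proxy_pass https://10.0.0.5; }
    }
}
"""

def audit_ssl_protocols(config_text):
    """Return one finding per ssl_protocols directive in an nginx config."""
    # Blank out comments but keep newlines so reported line numbers stay correct.
    text = re.sub(r"#[^\n]*", "", config_text)
    findings = []
    for m in DIRECTIVE.finditer(text):
        protocols = m.group(1).split()
        findings.append({
            "line": text.count("\n", 0, m.start()) + 1,
            "legacy": [p for p in protocols if p in VERSIONS and VERSIONS[p] < MINIMUM],
            "modern": [p for p in protocols if VERSIONS.get(p, 0) >= MINIMUM],
        })
    return findings

def verdict(finding):
    if finding["legacy"]:
        return "FAIL: remove " + " ".join(finding["legacy"])
    if not finding["modern"]:
        return "FAIL: no TLS 1.2+ protocol enabled"
    return "OK"

if __name__ == "__main__":
    for f in audit_ssl_protocols(SAMPLE_CONFIG):
        print(f"line {f['line']}: {verdict(f)}")
```

An empty result means no explicit ssl_protocols directive was found, so the nginx built-in default applies, and that default depends on the nginx version installed.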