Hi, I'm using cockpit in standard port 9090 in a Centos 7 system. Due to a suggestion from management, they want TLS 1.1 disabled system-wide in all Linux boxes and TLS 1.2 enabled.
I have not found proper documentation on how to disable it for cockpit (version 195.1 ships with Centos 7) So far I have tried (https://cockpit-project.org/guide/149/https.html): /usr/lib/systemd/system/cockpit.service [Service] Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2 And I also created the file /etc/systemd/system/cockpit.service.d/ssl.conf and added: [Service] Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2 after that, I systemctl restart cockpit But if I do #openssl s_client -connect localhost:9090 -tls1_1 I get a proper response (a certificate), so TLS 1.1 is being accepted. Suggestions? Thanks. -- --------------------- Erick Perez --------------------- _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
