Oops, excuse my typo
Create /etc/systemd/system/cockpit.service.d/ssl.conf containing
[Service]
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
Then
systemctl daemon-reload
systemctl restart cockpit
To verify that TLS 1.1 is disabled,
echo test | openssl s_client -connect localhost:9090 -tls1_1 2>&1 | grep -e Protocol -e Cipher
The expected result is:
New, (NONE), Cipher is (NONE)
Protocol : TLSv1.1
Cipher : 0000
Cheers,
Phil
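An added example (not part of the original thread): a shell check that extends the verification above to TLS 1.0, 1.1 and 1.2 and separates a refused protocol from an unreachable port. The function names and the sample outputs are constructed for illustration.

```shell
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample s_client outputs (not captured from a real host).
SAMPLE_REJECTED='New, (NONE), Cipher is (NONE)
    Protocol  : TLSv1.1
    Cipher    : 0000'
SAMPLE_ACCEPTED='New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_DOWN='connect:errno=111'

# Read s_client output on stdin; print accepted, rejected or error.
# "error" (no cipher line) means no TLS answer at all, e.g. Cockpit is
# stopped, so it must not be counted as "protocol disabled".
classify_handshake() (
    out=$(cat)
    if printf '%s\n' "$out" | grep -Eq 'Cipher is \(NONE\)|Cipher[[:space:]]*:[[:space:]]*0000'; then
        echo rejected
    elif printf '%s\n' "$out" | grep -Eq 'Cipher[[:space:]]*:[[:space:]]*[A-Za-z0-9]'; then
        echo accepted
    else
        echo error
    fi
)

# probe_versions HOST PORT: print one "flag result" line per protocol flag.
probe_versions() (
    for flag in -tls1 -tls1_1 -tls1_2; do
        result=$(echo test | openssl s_client -connect "$1:$2" "$flag" 2>&1 | classify_handshake)
        printf '%s %s\n' "$flag" "$result"
    done
)

# policy_ok: read "flag result" lines on stdin; succeed only if TLS 1.0 and
# TLS 1.1 are rejected and TLS 1.2 is accepted.
policy_ok() (
    bad=0 tls12=0
    while read -r flag result; do
        case "$flag:$result" in
            -tls1:rejected|-tls1_1:rejected) ;;
            -tls1_2:accepted) tls12=1 ;;
            *) bad=1 ;;
        esac
    done
    [ "$bad" -eq 0 ] && [ "$tls12" -eq 1 ]
)

if [ "$#" -eq 2 ]; then   # live run only when HOST and PORT are given
    probe_versions "$1" "$2" | policy_ok && echo "policy OK" || echo "policy VIOLATED"
fi
```

Requiring TLS 1.2 to be accepted by the same client guards against a probe that fails for client-side reasons being read as a hardened server.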
-----Original Message-----
From: Randal, Phil
Sent: 27 December 2019 15:04
To: 'CentOS mailing list' <[email protected]>
Subject: RE: [CentOS] Disabling TLS 1.1 in Centos 7 cockpit
Try creating /etc/system/system/cockpit.service.d/ssl.conf and putting this in
it:
[Service]
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
Then
systemctl daemon-reload
systemctl restart cockpit
Cheers,
Phil
-----Original Message-----
From: CentOS <[email protected]> On Behalf Of Erick Perez - Quadrian Enterprises
Sent: 27 December 2019 03:26
To: [email protected]
Subject: [CentOS] Disabling TLS 1.1 in Centos 7 cockpit
Hi, I'm using cockpit on the standard port 9090 on a CentOS 7 system.
Due to a suggestion from management, they want TLS 1.1 disabled system-wide on
all Linux boxes and TLS 1.2 enabled.
I have not found proper documentation on how to disable it for cockpit (version
195.1 ships with CentOS 7).
So far I have tried (https://cockpit-project.org/guide/149/https.html):
/usr/lib/systemd/system/cockpit.service
[Service]
Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2
And I also created the file /etc/systemd/system/cockpit.service.d/ssl.conf
and added:
[Service]
Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2
After that, I systemctl restart cockpit.
But if I do
# openssl s_client -connect localhost:9090 -tls1_1
I get a proper response (a certificate), so TLS 1.1 is being accepted.
Suggestions?
Thanks.
--
---------------------
Erick Perez
---------------------
_______________________________________________
CentOS mailing list
[email protected]
https://lists.centos.org/mailman/listinfo/centos