https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34193
Bug ID: 34193
Summary: Default HTTPS template has outdated SSLProtocol value
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
At the moment, debian/templates/apache-site-https.conf.in defaults to
SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
However, TLSv1.2 and TLSv1.3 are the only TLS versions that are supported
globally at the moment. Both 1.1 and 1 are deprecated now, and are disabled in
most systems.
Where possible, you want to be using TLSv1.3, and failing that TLSv1.2.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
