It's hardcoded but works perfectly (I guess until next upgrade, but anyway).
A way how to disable sslv3 and support tls1.2 and 1.1 is that: Edit file /usr/bin/pveproxy Find "method => "tlsv1", comment it out. Now "ssleay" supports all tls versions and ssl versions. It's relatively easy to disable sslv3 by adding a line "sslv3 => 0," Add it next to line you just commented.And to determine what ciphers are allowed, it's easy to edit this in /etc/default/pveproxy
Suggestion to Proxmox developers: this should be implemented to configuration file which automatically gets distributed to all nodes. It's logic that I want all nodes to use same cryptographic algorithms, not just one.
Keep up the good work! On 01.12.14 17:03, Sten Aus wrote:
HiI tried to set /usr/bin/pveproxy ssl method value to tlsv1.2 or tlsv12, but it did not work. How should I configure to use TLS v 1.2, not TLS v 1.0?And where I can specify cipher_list for SSL to use? Thanks! _______________________________________________ pve-user mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ pve-user mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
