Disable SSLv3, TLS1 and TLS1.1

lwpatt1 · 13 February 2020 20:00

I’m trying to figure out how to disable SSLv3, TLS1 and TLS 1.1 and force clients to use TLS1.2. I’ve modified the ssl.conf file in /etc/httpd/conf.d/ but SSLv3 is still showing as enabled in NMAP. my ssl.conf file has the following lines (which I found on a general Apache guide for enforcing TLS 1.2)

SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Does Libre have its own configuration file to set these parameters? Please let me know what other information you need from me.

Thanks in advance!

PipoCanaja · 17 February 2020 21:14

Hi
If you use Apache, then Apache settings are the one you need to tweak, you are correct. LibreNMS is just “another website” from Apache point of view.
I am not aware of this particular setting specific issue, but Apache config can be split into multiple files usually, so you may have conflicting settings, site-specific settings, distribution specific, etc etc. You definitely need to ask on an Apache forum where you’ll find more answers.