[PVE-User] Proxmox disable TLS 1

Brent Clark brentgclarklist at gmail.com
Thu Jul 26 11:30:53 CEST 2018 

Thanks for replying

Interesting, I do not have that file / package.

root at chs-vmh01 ~ # dpkg -l | awk '/pve-/{print $2" "$3}'

snippet

pve-cluster 5.0-28
pve-container 2.0-24
pve-docs 5.2-4
pve-edk2-firmware 1.20180612-1
pve-firewall 3.0-13
pve-firmware 2.0-5
pve-ha-manager 2.0-5
pve-i18n 1.0-6
pve-kernel-4.15 5.2-4
pve-kernel-4.15.15-1-pve 4.15.15-6
pve-kernel-4.15.17-1-pve 4.15.17-9
pve-kernel-4.15.17-3-pve 4.15.17-14
pve-kernel-4.15.18-1-pve 4.15.18-15
pve-libspice-server1 0.12.8-3
pve-manager 5.2-5
pve-qemu-kvm 2.11.2-1
pve-xtermjs 1.0-5

Regards
Brent


On 26/07/2018 11:22, Thomas Lamprecht wrote:
> Hi,
> 
> Am 07/26/2018 um 11:05 AM schrieb Brent Clark:
>> Good day Guys
>>
>> I did a sslscan on my proxmox host, and I got the following:
>>
>> snippet:
>> Preferred TLSv1.0  256 bits  ECDHE-RSA-AES256-SHA          Curve P-256 
>> DHE 256
>> Accepted  TLSv1.0  256 bits  DHE-RSA-AES256-SHA            DHE 2048 bits
>> Accepted  TLSv1.0  256 bits  DHE-RSA-CAMELLIA256-SHA       DHE 2048 bits
>> Accepted  TLSv1.0  256 bits  AES256-SHA
>> Accepted  TLSv1.0  256 bits  CAMELLIA256-SHA
>> Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 
>> DHE 256
>> Accepted  TLSv1.0  128 bits  DHE-RSA-AES128-SHA            DHE 2048 bits
>> Accepted  TLSv1.0  128 bits  DHE-RSA-SEED-SHA              DHE 2048 bits
>> Accepted  TLSv1.0  128 bits  DHE-RSA-CAMELLIA128-SHA       DHE 2048 bits
>> Accepted  TLSv1.0  128 bits  AES128-SHA
>> Accepted  TLSv1.0  128 bits  SEED-SHA
>> Accepted  TLSv1.0  128 bits  CAMELLIA128-SHA
>>
>> I need to remove / disable TLSv1.0. Google has not been able to be of 
>> much help, for I get suggestions to edit
>> /usr/bin/pveproxy and /etc/default/pveproxy and the list goes on.
>>
>  > Can someone suggest how to fix this issue.
> 
> Ah yes, I posted a possible quick solution for this in the forum a bit
> ago [0].
> 
> Edit /etc/default/pveproxy to have a line with:
> 
> CIPHERS="HIGH:!TLSv1:!SSLv3:!aNULL:!MD5"
> 
> then
> systemctl restart pveproxy
> 
> and you should be good to go :-)
> 
> cheers,
> Thomas
> 
> [0]: 
> https://forum.proxmox.com/threads/disabling-tls-1-0-and-1-1-in-proxmox.35814/#post-175643 
> 
> 
> 
>

More information about the pve-user mailing list