Disable TLS1.1 is a good idea ?

Post Reply
User avatar
odbox
Posts: 2
Joined: Wed Jan 27, 2021 8:04 am
Disable TLS1.1 is a good idea ?

Post by odbox »

Hello and first of all thank you for adding me.
I'm really new in hosting and I'm learning. I love your project that is exactly that I was searching, really clear, really simple, really essentials.

Second, you have to excuse my English because I'am French.

Then, I'm using myVesta as default installation and deals web template PHP-FPM-73 / Proxy ans SSL support.
Server : Apache+nginx, exim, bind, Dovecot, clamav,spamassassin, mysql, proftpd, iptables, fail2ban, cron.

just a little question about TLS, I've heard that it is quiet good to disabled TLS1.1 and just use 1.2 or also 1.3 but I see that TLS1.1 is in use in myVesta. Do you think it will cause problems if I disable TLS1.1

( and last but not least I really don't know how to do that perhaps it is this line in CONFIGURING SERVER / NGINX ??

Code: Select all

# SSL PCI Compliance
ssl_session_cache   shared:SSL:10m;
ssl_protocols       TLSv1.1 TLSv1.2;
Do I would have to remove TLSv1.1 and just that to do, I think its a little bit more complicated, or not...

Many thanks by advance.

Tags:

User avatar
dpeca
Site Admin
Posts: 411
Joined: Fri Jun 19, 2020 9:59 am
Re: Disable TLS1.1 is a good idea ?

Post by dpeca »

I think it's safe to do that.
You can also add "TLSv1.3", I think it will works.

User avatar
odbox
Posts: 2
Joined: Wed Jan 27, 2021 8:04 am
Re: Disable TLS1.1 is a good idea ?

Post by odbox »

It's done and it is working good.

Added TLSv1.3 and removing TLSv1.1 (NGINX config.) and restart.

Code: Select all

# SSL PCI Compliance
ssl_session_cache   shared:SSL:10m;
ssl_protocols       TLSv1.2 TLSv1.3;
Thank you !


Post Reply