Page 1 of 1

Disable TLS1.1 is a good idea ?

Posted: Thu Jan 28, 2021 1:00 am
by odbox
Hello and first of all thank you for adding me.
I'm really new in hosting and I'm learning. I love your project that is exactly that I was searching, really clear, really simple, really essentials.

Second, you have to excuse my English because I'am French.

Then, I'm using myVesta as default installation and deals web template PHP-FPM-73 / Proxy ans SSL support.
Server : Apache+nginx, exim, bind, Dovecot, clamav,spamassassin, mysql, proftpd, iptables, fail2ban, cron.

just a little question about TLS, I've heard that it is quiet good to disabled TLS1.1 and just use 1.2 or also 1.3 but I see that TLS1.1 is in use in myVesta. Do you think it will cause problems if I disable TLS1.1

( and last but not least I really don't know how to do that perhaps it is this line in CONFIGURING SERVER / NGINX ??

Code: Select all

# SSL PCI Compliance
ssl_session_cache   shared:SSL:10m;
ssl_protocols       TLSv1.1 TLSv1.2;
Do I would have to remove TLSv1.1 and just that to do, I think its a little bit more complicated, or not...

Many thanks by advance.

Re: Disable TLS1.1 is a good idea ?

Posted: Tue Feb 02, 2021 12:10 pm
by myVesta
I think it's safe to do that.
You can also add "TLSv1.3", I think it will works.

Re: Disable TLS1.1 is a good idea ?

Posted: Wed Feb 03, 2021 4:05 pm
by odbox
It's done and it is working good.

Added TLSv1.3 and removing TLSv1.1 (NGINX config.) and restart.

Code: Select all

# SSL PCI Compliance
ssl_session_cache   shared:SSL:10m;
ssl_protocols       TLSv1.2 TLSv1.3;
Thank you !

Re: Disable TLS1.1 is a good idea ?

Posted: Wed Feb 07, 2024 7:44 pm
by stefansweb
What command I need to enter to get that?