mirror of
https://git.proxmox.com/git/pve-manager
synced 2025-08-08 06:38:39 +00:00
Enable TLS 1.1 and 1.2, change default DH params
AnyEvent uses a built-in DH group defined as 'schmorp1539' by default, which seems to trigger the bug in [1] for every attempt of accessing the web GUI using IE11 and TLS1.2. By switching to a bigger default DH group ('skip2048'), the bug seems to be gone (or trigger sufficiently rarely). 1: http://engineering.imvu.com/2015/01/27/the-case-of-the-page-cant-be-displayed-intermittent-selenium-test/ Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
parent
08801a5d01
commit
ee0b96b15f
@ -108,12 +108,13 @@ sub init {
|
|||||||
ssl => {
|
ssl => {
|
||||||
# Note: older versions are considered insecure, for example
|
# Note: older versions are considered insecure, for example
|
||||||
# search for "Poodle"-Attac
|
# search for "Poodle"-Attac
|
||||||
method => 'tlsv1',
|
method => 'any',
|
||||||
sslv2 => 0,
|
sslv2 => 0,
|
||||||
sslv3 => 0,
|
sslv3 => 0,
|
||||||
cipher_list => $proxyconf->{CIPHERS} || 'HIGH:MEDIUM:!aNULL:!MD5',
|
cipher_list => $proxyconf->{CIPHERS} || 'HIGH:MEDIUM:!aNULL:!MD5',
|
||||||
key_file => '/etc/pve/local/pve-ssl.key',
|
key_file => '/etc/pve/local/pve-ssl.key',
|
||||||
cert_file => '/etc/pve/local/pve-ssl.pem',
|
cert_file => '/etc/pve/local/pve-ssl.pem',
|
||||||
|
dh => 'skip2048',
|
||||||
},
|
},
|
||||||
# Note: there is no authentication for those pages and dirs!
|
# Note: there is no authentication for those pages and dirs!
|
||||||
pages => {
|
pages => {
|
||||||
|
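Review bot: The comment kept above `method` ("older versions are considered insecure") no longer matches the line it annotates: with `method => 'any'` the protocol floor appears to rest only on the `sslv2 => 0` and `sslv3 => 0` lines below it, so removing either one later would presumably re-enable the protocol the comment warns about. I would reword it to something like `# 'any' allows every TLS version; SSLv2/SSLv3 stay off only because of the two flags below (see POODLE)`. The new `dh => 'skip2048'` line also deserves a one-line why-comment, e.g. `# 2048-bit group; the default 'schmorp1539' broke IE11 with TLS 1.2`, since that reason currently lives only in the commit message. Unlike `cipher_list`, the DH group cannot be overridden from `$proxyconf`, which is worth considering if operators are expected to tune TLS settings. The body of `init` begins and ends outside this hunk.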