To fix a PCI-DSS scan vulnerability report on our secondary DNS servers, we have set Webmin Configuration / SSL Encryption / SSL protocol version to 3 instead of the default "Detect automatically".
Btw, the default should be 3 or higher, and v2 should be phased out for security reasons ;-)
I had trouble finding an old browser with v2 when I set 2 and got locked out. And ofc that didn't support the strong PCI ciphers "HIGH:-SSLv2:-aNULL". So I could unlock myself by editing the last line of /etc/webmin/miniserv.conf and then restarting Webmin over SSH.
From then on, Webmin clustering stopped working!
Indeed, it looks like in Webmin / Webmin / Webmin Servers Index / edit, "SSL server? Yes" gives a valid Server status "Running Webmin 1.560" instead of "Timeout" ONLY IF the remote server also accepts SSL v2 (but v3 ciphers are OK).
Looks like a security issue to me...
I searched for an hour to switch the Webmin RPC clustering to SSL v3, but didn't find such a setting anywhere.
v2 should really be phased out in Webmin too. All browsers phased it out quite some releases ago.
Filing it as a bug, as it's a security issue imho.
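
One way to check the server-side settings the report describes, as an added example that is not part of the original report and not Webmin's own code. The key names `ssl`, `ssl_version` and `ssl_cipher_list` are assumptions about the miniserv.conf format (the report does not name them), and the sample config is constructed.

```python
# Added example: audit the SSL settings of a Webmin miniserv.conf.
# Assumption: the key names ssl, ssl_version and ssl_cipher_list are
# assumed here; the report does not quote them.

SAMPLE_CONF = """\
port=10000
ssl=1
ssl_cipher_list=HIGH:-SSLv2:-aNULL
ssl_version=3
"""  # constructed sample, not taken from a real server


def parse_conf(text):
    """Parse key=value lines, ignoring blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def excluded(cipher_list, name):
    """True if a colon-separated OpenSSL cipher string removes `name`."""
    tokens = cipher_list.split(":")
    return any(t in ("-" + name, "!" + name) for t in tokens)


def audit(text):
    """Return a list of findings; an empty list means no issue found."""
    conf = parse_conf(text)
    findings = []
    if conf.get("ssl") != "1":
        findings.append("ssl is not enabled")
    version = conf.get("ssl_version", "")
    if version == "":
        findings.append("ssl_version unset: protocol is auto-detected")
    elif version == "2":
        findings.append("ssl_version=2: SSLv2 is selected")
    ciphers = conf.get("ssl_cipher_list", "")
    for name in ("SSLv2", "aNULL"):
        if not excluded(ciphers, name):
            findings.append(f"cipher list does not exclude {name}")
    return findings
```

Running `audit(open("/etc/webmin/miniserv.conf").read())` on each cluster member before tightening the protocol setting shows which hosts would still accept the auto-detected protocol.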