TLSv1.1, TLSv1.2 checkboxes missing

Hi, I need to disable SSLv2, SSLv3 and enable TLSv1, TLSv1.1, TLSv1.2, upward for all virtual servers. However, the checkboxes are missing. The system runs CentOS 6.7 and Webmin 1.791.

Can you fix this, please?

Kind regards. Adriea

Status: Active

Comments

Are you looking to disable SSLv2 and v3 on your domain's regular website, or in the Virtualmin UI on port 10000?

I found the checkboxes to disable SSLv2 and v3 but not for enabling TLSv1.1 and v1.2.

If you disable SSLv2 and v3, only TLS v1.1 and 1.2 will be left.

Not quite:

  1. If all options are checked = has all versions (SSL2, SSL3, TLSv1, TLSv1.1, TLSv1.2).
    (this removes "SSLProtocol" line from VirtualHost in virtualservers.conf (but global (ssl.conf) is ignored))

  2. When vhost only has TLSv1 checked = has TLSv1 and TLSv1.1, BUT TLSv1.2 is disabled;
    (this sets "SSLProtocol +TLSv1" in VirtualHost in virtualservers.conf)

  3. If I manually set this in VirtualHost in virtualservers.conf = will enable these "TLSv1, TLSv1.1, TLSv1.2".
    "SSLProtocol -All +TLSv1.2 +TLSv1.1 +TLSv1"

= So it clearly needs those options.

~ Also, it appears that the global "SSLProtocol" setting in ssl.conf is ignored altogether (this could be a bug in OpenSSL + SNI).
(CentOS Linux 6.7, Apache/2.2.15, Webmin v1.791, Virtualmin v5.01.gpl)

Also, at the moment I'm forced to manually edit each VirtualHost and add this line:
Header always set Strict-Transport-Security "max-age=15768000"
~ Maybe there is some way to add it automatically for SSL vhosts?
(as template is used for all vhosts)

You can set these kinds of options in the Apache config template - it's OK to set SSL options there, because even if they get included in the non-SSL vhost they will have no effect.
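A per-vhost audit of the two settings discussed in this thread, as an added example (not part of the thread and not Webmin/Virtualmin code): it lists each SSL VirtualHost with the state of its own SSLProtocol line and whether the HSTS header is set. The sample config, host names and the "ok"/"review"/"missing" labels are constructed for illustration; "ok" means the line matches the manual SSLProtocol line quoted above.

```python
import re

# Constructed sample shaped like the vhosts in the thread; names and IPs are made up.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:80>
    ServerName a.example
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName a.example
    SSLEngine on
    SSLProtocol +TLSv1
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName b.example
    SSLEngine on
    SSLProtocol -All +TLSv1.2 +TLSv1.1 +TLSv1
    Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName c.example
    SSLEngine on
</VirtualHost>
"""
WANTED = {"+tlsv1", "+tlsv1.1", "+tlsv1.2"}  # the set from the manual line in the thread
VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)
HSTS_RE = re.compile(r"^[ \t]*Header\s+always\s+set\s+Strict-Transport-Security\b", re.M | re.I)

def directive(body, name):
    """Arguments of the last `name` directive in a vhost body, or None if absent."""
    hits = re.findall(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", body, re.M | re.I)
    return hits[-1] if hits else None

def audit(conf_text):
    """Return (ServerName, SSLProtocol status, has_hsts) for each vhost with SSLEngine on."""
    report = []
    for body in VHOST_RE.findall(conf_text):
        if (directive(body, "SSLEngine") or "").lower() != "on":
            continue  # non-SSL vhost: SSL options there have no effect
        tokens = (directive(body, "SSLProtocol") or "").lower().split()
        status = "review"  # a line exists but is not the wanted one
        if not tokens:
            status = "missing"  # no per-vhost SSLProtocol line
        elif tokens[0] == "-all" and set(tokens[1:]) == WANTED:
            status = "ok"
        report.append((directive(body, "ServerName"), status, bool(HSTS_RE.search(body))))
    return report

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

To check a real server, pass the contents of the file that holds the VirtualHost blocks to `audit()` instead of `SAMPLE_CONF`.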