TLS 1.1+ settings

#1

We want to reject TLS 1.0 connections. I can’t find a place where this is set for HTTPD24/nginx. Where can we set the SSLProtocol?

#2

If you are running OnDemand 1.5, check

/opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf

There’s a section in that file

    #   SSL Protocol support:
    # List the enable protocol levels with which clients will be able to
    # connect.  Disable SSLv2 access by default:
    SSLProtocol all -SSLv2

I think you could add a “-TLSv1”, etc. to that list. See

https://httpd.apache.org/docs/2.4/mod/mod_ssl.html

under SSLProtocol Directive for more info.

I think the file location is the same in older versions, but I don’t remember for sure,
Ric
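
The suggestion above as a check, added here as an example that is not part of the original thread or of Apache/OnDemand tooling: it reads a config file and reports, for each active SSLProtocol directive, whether TLS 1.0 (`TLSv1`) is still allowed. The function names and the sample file are constructed for illustration, and treating an unprefixed protocol name as replacing the earlier ones is an assumption about how mod_ssl parses the list.

```shell
#!/bin/sh
# Added example: report whether each SSLProtocol directive still allows TLS 1.0.

# tls10_state TOKEN... -> prints "enabled" or "disabled" for TLSv1 (TLS 1.0).
# TOKENs are the arguments of one SSLProtocol directive, e.g. all -SSLv2 -TLSv1
tls10_state() {
    state=disabled                       # nothing is enabled before the first token
    for tok in "$@"; do
        case $(printf '%s' "$tok" | tr '[:upper:]' '[:lower:]') in
            +tlsv1|+all|tlsv1|all) state=enabled ;;
            -tlsv1|-all)           state=disabled ;;
            +*|-*) ;;                    # another protocol toggled: TLSv1 unchanged
            *) state=disabled ;;         # assumption: a bare protocol replaces the set
        esac
    done
    printf '%s\n' "$state"
}

# audit_ssl_conf FILE -> one "line N: TLSv1 <state>" per uncommented SSLProtocol line.
audit_ssl_conf() {
    grep -inE '^[[:space:]]*SSLProtocol[[:space:]]' "$1" |
    while IFS=: read -r lineno directive; do
        set -- $directive                # split the directive into words
        shift                            # drop the directive name itself
        printf 'line %s: TLSv1 %s\n' "$lineno" "$(tls10_state "$@")"
    done
}

# Constructed sample: the stock line from the thread, then the tightened form.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#   SSL Protocol support:
SSLProtocol all -SSLv2
<VirtualHost *:443>
    SSLProtocol all -SSLv2 -TLSv1
</VirtualHost>
EOF
audit_ssl_conf "$sample"
rm -f "$sample"
```

The script does not follow Include directives, so run `audit_ssl_conf` on each file that may carry its own SSLProtocol line, such as per-virtual-host configs.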