Skip to content

P
pve-manager
Commit 434e3141 authored by Dietmar Maurer's avatar Dietmar Maurer
Browse files
Options

pveproxy: limit ourselfes to tlsv1 

older versions are considered insecure, for example search for "Poodle"-Attac
parent ec715942
Hide whitespace changes
Inline Side-by-side
Showing with 3 additions and 0 deletions
bin/pveproxy
View file @ 434e3141
...@@ -105,6 +105,9 @@ eval { ...@@ -105,6 +105,9 @@ eval {
logfile => '/var/log/pveproxy/access.log', logfile => '/var/log/pveproxy/access.log',
lockfile => $lockfile, lockfile => $lockfile,
ssl => { ssl => {
# Note: older versions are considered insecure, for example
# search for "Poodle"-Attac
method => "tlsv1",
cipher_list => $proxyconf->{CIPHERS} || 'HIGH:MEDIUM:!aNULL:!MD5', cipher_list => $proxyconf->{CIPHERS} || 'HIGH:MEDIUM:!aNULL:!MD5',
key_file => '/etc/pve/local/pve-ssl.key', key_file => '/etc/pve/local/pve-ssl.key',
cert_file => '/etc/pve/local/pve-ssl.pem', cert_file => '/etc/pve/local/pve-ssl.pem',
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023