Enable TLS 1.3 in our nginx config #92

New Issue

Closed

opened 2019-08-30 09:44:04 +00:00 by greg · 0 comments

greg commented 2019-08-30 09:44:04 +00:00

Owner

Copy Link

The current mainline versions of the official nginx packages are compiled against OpenSSL 1.1.1, and support TLS 1.3.

The version installed on barnard is already 1.7 (1.7.1, two minor versions behind), but the package installed on andromeda is still 1.15.9, compiled against OpenSSL 1.0.2g.

I will set the latest version on the package resource so we can easily upgrade it, as well as enable TLS 1.3

The current mainline versions of the official nginx packages are compiled against OpenSSL 1.1.1, and support TLS 1.3. The version installed on barnard is already 1.7 (1.7.1, two minor versions behind), but the package installed on andromeda is still 1.15.9, compiled against OpenSSL 1.0.2g. I will set the latest version on the package resource so we can easily upgrade it, as well as enable TLS 1.3

greg self-assigned this 2019-08-30 09:44:04 +00:00

greg referenced this issue from a commit 2019-08-30 09:59:08 +00:00

Update nginx to 1.17.3, enable TLS 1.3 Uses the current intermediate recommended config from https://ssl-config.mozilla.org Closes #92

raucao closed this issue 2019-08-30 10:39:14 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

bugfix/499-unattended_upgrades

feature/500-chef_upgrade_mediawiki

notes/ejabberd_ldap_photo

feature/akaunting

chore/ejabberd_service_avatar

feature/237-gitea_gpg

jammy_jellyfish

No results found.

Labels

Clear labels

service

accounts

Kosmos Accounts

service

discourse

Kosmos Community Forums

service

drone-ci

Kosmos Drone CI

service

email

mail.kosmos.org

service

garage

S3-compatible object storage

service

gitea

Kosmos Gitea

service

ipfs

Kosmos IPFS

service

mastodon

kosmos.social

service

postgres

Database cluster

service

remotestorage

Portable data storage for the Web

service

wiki

Kosmos Wiki

service

xmpp

Kosmos Chat

bug

Something is not working

design

Graphic/visual design

dev environment

Config, builds, CI, deployment, etc.

docs

Documentation

duplicate

This issue or pull request already exists

enhancement

Improving existing functionality

feature

New functionality

good first issue

Dive in, and start contributing

idea

Something to consider

invalid

Not a bug

kredits-1

Small contribution

kredits-2

Medium contribution

kredits-3

Large contribution

on hold

Currently not actionable

ops

Manual IT ops activities

question

Looking for an answer

release

major

release

minor

release

patch

security

All your base are belong to us

ui/ux

User interface, process design, etc.

wontfix

This won't be fixed

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

bkero bumi fsmanuel galfert greg hueso raucao slvrbckt

No Assignees greg

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: kosmos/chef#92

No description provided.