#8231 pagure's stunnel tls > 1.0 support
Closed: Fixed 10 months ago by kevin. Opened 10 months ago by jlanda.

firefox is complaining about TLS version on pagure's 8088 because is using tls1.0 and will get unsupported on march 2020.

According to stunnel's manpage it's possible to set min and max tls version's when using stunnel with openssl 1.1.0 or above with sslVersionMin and sslVersionMax config keys, wich would be really the best solution, but dunno what ssl version is using stunnel on those boxes, so can't propose a patch against ansible role =)

Metadata Update from @bowlofeggs:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: pagure

10 months ago

Should be fixed here in a few after this playbook runs in prod (already fixed in stg)

We have rhel7 so it's an old stunnel version, so I did:

sslVersion = all
options = NO_SSLv2
options = NO_SSLv3
options = NO_TLSv1

which seems to work. Let me know if it's not working for you.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

10 months ago

Login to comment on this ticket.