firefox is complaining about TLS version on pagure's 8088 because is using tls1.0 and will get unsupported on march 2020.
According to stunnel's manpage it's possible to set min and max tls version's when using stunnel with openssl 1.1.0 or above with sslVersionMin and sslVersionMax config keys, wich would be really the best solution, but dunno what ssl version is using stunnel on those boxes, so can't propose a patch against ansible role =)
sslVersionMin
sslVersionMax
Metadata Update from @bowlofeggs: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: pagure
Should be fixed here in a few after this playbook runs in prod (already fixed in stg)
We have rhel7 so it's an old stunnel version, so I did:
sslVersion = all options = NO_SSLv2 options = NO_SSLv3 options = NO_TLSv1
which seems to work. Let me know if it's not working for you.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.