Hi all, Just a small heads up: I've noticed that SSLlabs.com is going to cap certificate ratings to grade "B" starting 1st January 2020 if webservers still support TLSv1.1.
For us that means BlueOnyx 5207R/5208R would be hit by that, as we were still supporting TLSv1.1 as a fallback there - with TLSv1.2 having priority. So I just rolled up a new base-apache-* which will support only TLSv1.2. I *could* configure the update in a way that it forces SSL off and back on for all Vsites that have SSL enabled in order to write out new configurations that have TLSv1.1 disabled. However: I decided against having the update do that. It's just too disruptive and this close to the holidays we all have better things to do than having an update rock our boats. After all: This update isn't really a security must have and is just to provide some more pleasant optics in a metric that might not be of utmost importance for you. But *if* you wish to make sure that all SSL enabled Vsites of yours have TLSv1.1 disabled after the update and before you install new SSL certs (or LE auto-renews yours the next time around) you can run this script from SSH or the shell: /usr/sausalito/sbin/toggle_ssl.pl That toggles SSL off and back on for all SSL enabled Vsites and forces the generation of updated configs. -- With best regards Michael Stauber _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx