Try creating /etc/system/system/cockpit.service.d/ssl.conf and putting this in 
it:

[Service]
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1

Then

systemctl daemon-reload
systemctl restart cockpit

Cheers,

Phil


-----Original Message-----
From: CentOS <centos-boun...@centos.org> On Behalf Of Erick Perez - Quadrian 
Enterprises
Sent: 27 December 2019 03:26
To: centos@centos.org
Subject: [CentOS] Disabling TLS 1.1 in Centos 7 cockpit

CAUTION: This email originated from outside of the organisation. Do not click 
links or open attachments unless you recognise the sender and know the content 
is safe.

Hi, I'm using cockpit in standard port 9090 in a Centos 7 system.
Due to a suggestion from management, they want TLS 1.1 disabled system-wide in 
all Linux boxes and TLS 1.2 enabled.

I have not found proper documentation on how to disable it for cockpit (version 
195.1 ships with Centos 7)

So far I have tried (https://cockpit-project.org/guide/149/https.html):

/usr/lib/systemd/system/cockpit.service
[Service]
Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2

And I also created the file /etc/systemd/system/cockpit.service.d/ssl.conf
and added:
[Service]
Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2

after that, I systemctl restart cockpit

But if I do
#openssl s_client -connect  localhost:9090 -tls1_1 I get a proper response (a 
certificate), so TLS 1.1 is being accepted.

Suggestions?

Thanks.

--

---------------------
Erick Perez
---------------------
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Hoople Ltd, Registered in England and Wales No. 7556595
Registered office: Plough Lane, Hereford, HR4 0LE

"Any opinion expressed in this e-mail or any attached files are those of the 
individual and not necessarily those of Hoople Ltd. You should be aware that 
Hoople Ltd. monitors its email service. This e-mail and any attached files are 
confidential and intended solely for the use of the addressee. This 
communication may contain material protected by law from being passed on. If 
you are not the intended recipient and have received this e-mail in error, you 
are advised that any use, dissemination, forwarding, printing or copying of 
this e-mail is strictly prohibited. If you have received this e-mail in error 
please contact the sender immediately and destroy all copies of it."
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Reply via email to