Hi Hubert, Sorry for unclear description. I just want to disable TLS 1.0 on Redhat Linux server. After run those both commands, then how to take them effect or no need any. May I have your more advice?
Chobin > 在 2020年3月17日,19:10,Hubert Kario <[email protected]> 写道: > >> On Tuesday, 17 March 2020 10:04:34 CET, [email protected] wrote: >> Hi Matt, >> >> I have asked senior colleague for running the following commands on Redhat >> Linux server. >> $ openssl s_server -no_tls1 -key keyfile -cert certname >> $ openssl s_client -no_tls1 >> >> May I know any actions will make them take effect after run? > > `openssl s_client` and `openssl s_server` are debugging tools > > any command line options passed to them affect only those tools > > it will not affect apache, curl, nginx, or any other application that uses > the openssl library > > Please contact Red Hat support on how to configure specific servers or > clients. > You may also find the information you're looking for in the Red Hat Customer > Portal: > https://access.redhat.com/articles/1462183 > > >> -----邮件原件----- >> 发件人: Matt Caswell <[email protected]> 发送时间: 2020年3月4日 19:41 >> 收件人: [email protected]; [email protected] >> 抄送: [email protected]; [email protected] >> 主题: Re: <Please advise> Ues 'openssl s_server command' to disable TLS1.0 >> >> >> >>> On 04/03/2020 08:31, [email protected] wrote: >>> Thanks Matt, >>> As your advice, I tried to execute the following both commands to disable >>> TLS 1.0 for Client and Server separately. Since I have no right to access >>> private keyfile, of course they failed. Could you please correct me if the >>> command format is fine? I then will assign them to senior colleague to >>> execute. >>> $ openssl s_server -no_tls1 -key keyfile -cert certname $ openssl s_client >>> -no_tls1 -key keyfile [-cert certname] >> >> The format for s_server is fine. There is no need to supply the -key and >> -cert options to s_client unless you are wanting to test client >> authentication. >> >> However, I'm still not convinced you have understood what these commands >> actually do. They will create a test server, and a initiate a test client to >> connect to it respectively - and will disable TLSv1.0 for those instances >> only. Typically you would only do this with test keys/certs not with >> production keys/certs. It will have no impact on any other servers/clients >> running in your environment. >> >> Matt >> >>> Thanks. >>> Chobin >>> -----邮件原件----- >>> 发件人: [email protected] >>> [mailto:[email protected]] 代表 Matt Caswell ... >> >> >> >> > > -- > Regards, > Hubert Kario > Senior Quality Engineer, QE BaseOS Security team > Web: www.cz.redhat.com > Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
