Fixed!!!! It turns out that the gnutls library installed on the system was somehow damaged. It took the installation of gnutls-cli to list supperted protocols and ciphers. I had to yum reinstall gnutls to fix it. Now the ssl.conf has: [Service] Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 [root at cockpit ~]# echo test | openssl s_client -connect localhost:9090 -tls1_1 2>&1 | grep -e Protocol -e Cipher New, (NONE), Cipher is (NONE) Protocol : TLSv1.1 Cipher : 0000 [root at cockpit ~]# Thanks!!!! It was a pleasure working with you and it was a great learning experience! On Fri, Dec 27, 2019 at 6:43 PM Erick Perez - Quadrian Enterprises <eperez at quadrianweb.com> wrote: > > Sure did! > I am even playing with different options (including NONE) and it seems > to ignore the contents of ssl.conf > > I have tried > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA: > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA > Environment=G_TLS_GNUTLS_PRIORITY=PFS > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0: > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0 > Environment=G_TLS_GNUTLS_PRIORITY=SECURE192:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2 > > And my last one: > Environment=G_TLS_GNUTLS_PRIORITY=NONE:+SECURE128:-VERS-ALL:-SHA384:-SHA256 > systemctl daemon-reload > systemctl restart cockpit > > [root at cockpit ~]# echo test | openssl s_client -connect localhost:9090 > -tls1_1 2>&1 | grep -e Protocol -e Cipher > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA > Protocol : TLSv1.1 > Cipher : ECDHE-RSA-AES256-SHA > > > [root at cockpit ~]# echo test | openssl s_client -connect localhost:9090 > -tls1_2 2>&1 | grep -e Protocol -e Cipher > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 > Protocol : TLSv1.2 > Cipher : ECDHE-RSA-AES256-GCM-SHA384 > [root at cockpit ~]# > > It is my understanding that -VERS-ALL will disable TLS at all and > produce no output from the above tests. This does not seem to be the > case. > Also, If I did -SHA384 and -SHA256 then why the cipher in TLS1_2 test > is ECDHE-RSA-AES256-GCM-SHA384 > > It seems it is completely ignoring the Environment variable. > > > On Fri, Dec 27, 2019 at 5:18 PM Jonathan Billings <billings at negate.org> wrote: > > > > On Dec 27, 2019, at 16:28, Erick Perez - Quadrian Enterprises <eperez at quadrianweb.com> wrote: > > > > > > [root at cockpit ~]# cat /etc/systemd/system/cockpit.service.d/ssl.conf > > > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 > > > > > > [root at cockpit ~]# > > > [root at cockpit ~]# systemctl start cockpit > > > [root at cockpit ~]# systemctl status cockpit -l > > > > Did you run: > > > > # systemctl daemon-reload > > > > ... before starting cockpit? > > > > -- > > Jonathan Billings <billings at negate.org> > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > > -- > > --------------------- > Erick Perez > Quadrian Enterprises S.A. - Panama, Republica de Panama > Skype chat: eaperezh > WhatsApp IM: +507-6675-5083 > --------------------- -- --------------------- Erick Perez Quadrian Enterprises S.A. - Panama, Republica de Panama Skype chat: eaperezh WhatsApp IM: +507-6675-5083 ---------------------