[CentOS] Disabling TLS 1.1 in CentOS 7 cockpit

Erick Perez - Quadrian Enterprises

eperez at quadrianweb.com
Fri Dec 27 03:26:00 UTC 2019


Hi, I'm using cockpit on the standard port 9090 on a CentOS 7 system.
Due to a suggestion from management, they want TLS 1.1 disabled
system-wide in all Linux boxes and TLS 1.2 enabled.

I have not found proper documentation on how to disable it for cockpit
(version 195.1 ships with CentOS 7).

So far I have tried (https://cockpit-project.org/guide/149/https.html):

/usr/lib/systemd/system/cockpit.service
[Service]
Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2

And I also created the file /etc/systemd/system/cockpit.service.d/ssl.conf
and added:
[Service]
Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2

After that, I systemctl restart cockpit.

But if I do
# openssl s_client -connect localhost:9090 -tls1_1
I get a proper response (a certificate), so TLS 1.1 is being accepted.

Suggestions?

Thanks.

-- 

---------------------
Erick Perez
---------------------
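
One way to repeat the check from the message for each protocol version, and to see which G_TLS_GNUTLS_PRIORITY value the loaded unit actually carries. This is an added example, not part of the original post: the function names and sample lines are constructed, and it assumes an openssl build that still offers the -tls1 and -tls1_1 flags.

```shell
#!/bin/sh
# Added example (not from the original post).

# Read `openssl s_client` output on stdin; print "accepted <cipher>" when a
# cipher was negotiated, "rejected" otherwise (including no connection at all).
handshake_result() {
    awk '/Cipher is / { c = $NF; found = 1
                        print ((c == "(NONE)") ? "rejected" : "accepted " c); exit }
         END { if (!found) print "rejected" }'
}

# Read `systemctl show <unit> -p Environment` output on stdin; print the
# G_TLS_GNUTLS_PRIORITY value of the loaded unit. Empty output means the
# unit systemd has loaded does not carry the variable.
loaded_priority() {
    sed -n 's/.*G_TLS_GNUTLS_PRIORITY=\([^ ]*\).*/\1/p'
}

# Attempt one handshake per protocol flag against host:port.
probe_versions() {
    for flag in tls1 tls1_1 tls1_2; do
        printf '%-7s %s\n' "$flag" "$(openssl s_client -connect "$1" "-$flag" \
            </dev/null 2>&1 | handshake_result)"
    done
}

# Constructed samples: s_client summary lines and one systemctl output line.
SAMPLE_OK='New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA'
SAMPLE_FAIL='New, (NONE), Cipher is (NONE)'
SAMPLE_ENV='Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2'

# Usage: sh tlscheck.sh localhost:9090 cockpit.service
if [ "$#" -ge 2 ]; then
    printf 'loaded priority: %s\n' \
        "$(systemctl show "$2" -p Environment | loaded_priority)"
    probe_versions "$1"
fi
```

A version counts as disabled only when its line reads "rejected"; unit file changes are picked up by systemd after `systemctl daemon-reload`.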

