[CentOS] Disabling TLS 1.1 in Centos 7 cockpit

Fri Dec 27 03:26:00 UTC 2019
Erick Perez - Quadrian Enterprises <eperez at quadrianweb.com>

Hi, I'm using cockpit in standard port 9090 in a Centos 7 system.
Due to a suggestion from management, they want TLS 1.1 disabled
system-wide in all Linux boxes and TLS 1.2 enabled.

I have not found proper documentation on how to disable it for cockpit
(version 195.1 ships with Centos 7)

So far I have tried (https://cockpit-project.org/guide/149/https.html):


And I also created the file /etc/systemd/system/cockpit.service.d/ssl.conf
and added:

after that, I systemctl restart cockpit

But if I do
#openssl s_client -connect  localhost:9090 -tls1_1
I get a proper response (a certificate), so TLS 1.1 is being accepted.




Erick Perez