TLSv1 has been phased out. Continuing to use it won't break your padlock just yet, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018. If you've been procrastinating as I have. Here is an easy guide to get it done. Code: nano /usr/local/ispconfig/server/conf/nginx_vhost.conf.master Find the line about 9 lines down that reads: Code: ssl_protocols TLSv1 TLSv1.1 TLSv1.2; and change it to: Code: ssl_protocols TLSv1.1 TLSv1.2; Open your ISPCONFIG panel. Go to Tools. Click Resync. Click Websites. Click Start. Optional: Go to your fridge. Open a beer. Drink to the death of TLSv1. RIP TLSv1. Have a nice day! Ref: https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls
This will work until the next ispconfig-update. copy conf/nginx_vhost.conf.master to conf-custom/nginx_vhost.conf.master and change the file in conf-custom.
I'm not absolutely sure if that's enough, did you test the site? If I remember correctly, then nginx is enabling the lowest TLS version that is found in any vhost for all vhosts. So it might be that you have to remove TLSv1 from ispconfig.vhost file as well (plus copying the install/tpl/nginx_ispconfig.vhost.master file to conf-custom/install/ to make it update safe). But I might remember this wrongly, so if you tested it and the test shows that TLSv1 is off after your change, then forget my post
No it doesn't, at least in my nginx server. It depends on each vhost. I'm already using tls1.3 via openssl 1.1.1pre8 for ISPConfig panel and so far it is working good.
YEah it did for me since I didn't have any custom config to override the change. I tested it with https://www.whynopadlock.com
