[solved] TLS 1.0 and 1.1 drop - git-stable enough?

Discussion in 'Installation/Configuration' started by Hbod, Aug 11, 2020.

  1. Hbod

    Hbod Member

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The TLS level of the websites is not set by ISPConfig, so the above MR does not affect what you are trying to achieve. The website TLS level is defined by the defaults of the Linux distribution that you use, so you have to modify the global Apache or nginx SSL config file to change it.
     
  3. Hbod

    Hbod Member

    Oh ok, I saw sections inside the apache conf while looking through the MR, I thought that those will drop TLS 1.0 and 1.1.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    That's for the ispconfig vhost on port 8080 and the apps vhost on port 8081 only.
     
  5. Hbod

    Hbod Member

    I saw that part inside the sites-available:

    Code:
      <IfModule mod_ssl.c>
          SSLEngine on
          SSLProtocol All -SSLv2 -SSLv3

    I updated the ssl.conf. Do I have to retrigger a resync now?
     
  6. Hbod

    Hbod Member

    Ok, it looks like a single change to the website was enough to trigger a recreation, and now it's looking fine here. Thanks again @till
     
  7. Hbod

    Hbod Member

    P.S: for everybody reading this in the future.
    I had to edit those files:

    /etc/apache2/mods-enabled/ssl.conf
    but also:
    /etc/letsencrypt/options-ssl-apache.conf

    Both had to be adjusted in order to make it work. (+ resync in ISPConfig, since you're not allowed to have one different SSLProtocol directive within another vHost).

    Reached A+
     
    Last edited: Aug 11, 2020
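
An added example, not part of the thread and not ISPConfig code: a small Python audit that evaluates each active `SSLProtocol` line left to right (`+` adds, `-` removes, a bare name replaces) and lists the legacy protocols each file still enables, which is why both files named above had to change. The file contents are constructed samples, the expansion of `all` is an assumption that depends on the Apache/OpenSSL build, and `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` is an assumed hardened value, not one quoted in the thread.

```python
import re
import sys

# Assumption: what "all" expands to; the real set depends on the Apache/OpenSSL build.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}
# Active (uncommented) SSLProtocol lines only.
DIRECTIVE = re.compile(r"^[ \t]*SSLProtocol[ \t]+(.+?)[ \t]*$", re.I | re.M)

def enabled_protocols(args):
    """Evaluate SSLProtocol arguments left to right."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = (token[1:] if sign else token).lower()
        # Names outside ALL (e.g. SSLv2) map to the empty set.
        proto = ALL if name == "all" else {p for p in ALL if p.lower() == name}
        if sign == "-":
            enabled = enabled - proto
        elif sign == "+":
            enabled = enabled | proto
        else:  # a bare name replaces whatever was set so far
            enabled = set(proto)
    return enabled

def audit(configs):
    """Return (path, legacy protocols still enabled) for every SSLProtocol line."""
    return [(path, sorted(enabled_protocols(m.group(1)) & LEGACY))
            for path, text in configs.items()
            for m in DIRECTIVE.finditer(text)]

# Constructed sample contents for the two files named in the thread.
SAMPLE = {
    "/etc/apache2/mods-enabled/ssl.conf":
        "<IfModule mod_ssl.c>\n"
        "    #SSLProtocol all\n"
        "    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1\n"
        "</IfModule>\n",
    "/etc/letsencrypt/options-ssl-apache.conf":
        "SSLEngine on\n"
        "SSLProtocol all -SSLv2 -SSLv3\n",
}

if __name__ == "__main__":
    # With file arguments, audit those files; otherwise audit the samples.
    configs = {p: open(p).read() for p in sys.argv[1:]} or SAMPLE
    for path, weak in audit(configs):
        print(path, "->", ", ".join(weak) if weak else "no SSLv3/TLS 1.0/1.1")
```

Run without arguments it reports the constructed samples; pass config file paths as arguments to audit those files instead.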
