How to disable TLS 1.0 web gui Proxmox Mail Gateway

[Eric Barreto]

Hello everyone,

For security measure, I need to disable tls 1.0, how can I proceed?

Thanks.

 

[heutger]

Would be fine to know from proxmox side as I'm not aware, where and how the web and api server are configured.

 

[Eric Barreto]

Someone?

 

[heutger]

You need to ask directly @tom, @dietmar, @Stoiko Ivanov or someone else of the Proxmox team

 

[Stoiko Ivanov]

AFAIR this is not 'easily' configurable - please open a feature-request at https://bugzilla.proxmox.com should you need it.

Currently the workaround would involve patching `/usr/share/perl5/PMG/Service/pmgproxy.pm` (search for 'sslv3 => 0,' and add a 'tlsv1 =>0,' below).

 

[Eric Barreto]

AFAIR this is not 'easily' configurable - please open a feature-request at https://bugzilla.proxmox.com should you need it.

Currently the workaround would involve patching `/usr/share/perl5/PMG/Service/pmgproxy.pm` (search for 'sslv3 => 0,' and add a 'tlsv1 =>0,' below).

@Stoiko Ivanov

Thanks for the help, the outline solution seems to work for me, according to sslscan. I tried to disable tlsv1.1 by typing in this syntax: tlsv11, but it did not work.

 

[Stoiko Ivanov]

A colleague told me that this was problematic - however you can try to just enable TLS 1.2 ciphers (AFAIR the list we have configured for PVE should work - https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_pveproxy_proxmox_ve_api_proxy_daemon)
hope that helps