[Koha-bugs] [Bug 34193] New: Default HTTPS template has outdated SSLProtocol value
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Jul 4 01:47:56 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34193
Bug ID: 34193
Summary: Default HTTPS template has outdated SSLProtocol value
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: koha-bugs at lists.koha-community.org
Reporter: dcook at prosentient.com.au
QA Contact: testopia at bugs.koha-community.org
At the moment, debian/templates/apache-site-https.conf.in defaults to
SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
However, TLSv1.2 and TLSv1.3 are the only TLS versions that are supported
globally at the moment. Both 1.1 and 1 are deprecated now, and are disabled in
most systems.
Where possible, you want to be using TLSv1.3, and failing that TLSv1.2.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list