From 67aa5994d6c91d648465336deea16a697606bfce Mon Sep 17 00:00:00 2001
From: nachoparker
Date: Sun, 9 May 2021 06:26:26 -0600
Subject: lamp: allow only TLSv12 and TLSv13

Signed-off-by: nachoparker
---
 changelog.md | 8 +++++---
 lamp.sh | 2 +-
 ncp.sh | 2 +-
 updates/1.37.0.sh | 4 ++++
 4 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/changelog.md b/changelog.md
index 274e403f..7763b2d2 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,7 +1,9 @@
 
-[v1.36.0](https://github.com/nextcloud/nextcloudpi/commit/5709e46) (2020-09-16) Namecheap dynamic DNS client
+[v1.36.1](https://github.com/nextcloud/nextcloudpi/commit/8e7579d) (2021-05-09) lamp: allow only TLSv12 and TLSv13
 
-[v1.35.2](https://github.com/nextcloud/nextcloudpi/commit/bfab195) (2021-04-29) ncp-web: fix display of big files for 32 bit
+[v1.36.0](https://github.com/nextcloud/nextcloudpi/commit/24b6018) (2020-09-16) Namecheap dynamic DNS client
+
+[v1.35.2 ](https://github.com/nextcloud/nextcloudpi/commit/bfab195) (2021-04-29) ncp-web: fix display of big files for 32 bit
 
 [v1.35.1 ](https://github.com/nextcloud/nextcloudpi/commit/e64ca34) (2021-04-29) ncp-web: fix backup download for big files in 32-bit
 
@@ -11,7 +13,7 @@
 
 [v1.34.8 ](https://github.com/nextcloud/nextcloudpi/commit/117b8ea) (2021-01-20) nc-automount: udiskie verbose output
 
-[v1.34.7, master](https://github.com/nextcloud/nextcloudpi/commit/b978184) (2021-01-19) docker: fix datadir path contents
+[v1.34.7 ](https://github.com/nextcloud/nextcloudpi/commit/b978184) (2021-01-19) docker: fix datadir path contents
 
 [v1.34.6 ](https://github.com/nextcloud/nextcloudpi/commit/84ccf94) (2021-01-18) docker: fix datadir path
 
diff --git a/lamp.sh b/lamp.sh
index a5c3a71d..1bd99b79 100644
--- a/lamp.sh
+++ b/lamp.sh
@@ -62,7 +62,7 @@ H2PushPriority image/png after 32
 H2PushPriority application/javascript interleaved
 
 # SSL/TLS Configuration
-SSLProtocol -all +TLSv1.2
+SSLProtocol -all +TLSv1.2 +TLSv1.3
 SSLHonorCipherOrder on
 SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
 SSLCompression off
diff --git a/ncp.sh b/ncp.sh
index 83f4bc78..78bf4318 100644
--- a/ncp.sh
+++ b/ncp.sh
@@ -237,7 +237,7 @@ EOF
 if [[ -f /.ncp-image ]]; then
 rm -rf /var/log/ncp.log
- ## NEXTCLOUDPI MOTD
+ ## NEXTCLOUDPI MOTD
 rm -rf /etc/update-motd.d
 mkdir /etc/update-motd.d
 rm /etc/motd
diff --git a/updates/1.37.0.sh b/updates/1.37.0.sh
index 93df6c1d..da5d63fe 100644
--- a/updates/1.37.0.sh
+++ b/updates/1.37.0.sh
@@ -31,4 +31,8 @@ rm "${crontab_tmp}"
 :
 }
 
+## enable TLSv1.3
+sed -i 's|SSLProtocol -all.*|SSLProtocol -all +TLSv1.2 +TLSv1.3|' /etc/apache2/conf-available/http2.conf
+bash -c "sleep 2 && service apache2 reload" &>/dev/null &
+
 exit 0
-- 
cgit v1.2.3
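Review bot: The `SSLCipherSuite` context line directly below the changed `SSLProtocol` in `lamp.sh` still offers 3DES (`ECDHE-ECDSA-DES-CBC3-SHA`, `DES-CBC3-SHA`, ...), CBC-mode SHA-1 suites and static-RSA key exchange (`AES128-SHA`, `AES256-SHA`, ...), and all of these stay negotiable over TLS 1.2 for any client that offers nothing better, so restricting the protocol alone leaves the weakest part of this configuration in place. If the aim is to raise the TLS baseline, I would trim the list to forward-secret AEAD suites, `SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384`, keeping the two DHE-GCM entries only if older clients must be supported. The list as written does not select TLS 1.3 suites (mod_ssl takes those through the separate `SSLCipherSuite TLSv1.3 ...` form), which deserves a comment such as `# list below applies to TLSv1.2 only; TLSv1.3 suites use the OpenSSL defaults`. The heredoc that holds these directives starts and ends outside the hunk.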
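Review bot: The added `sed`/reload pair in `updates/1.37.0.sh` never checks that Apache accepts the rewritten config: the reload runs in a background subshell with output sent to `/dev/null`, so if the installed Apache/OpenSSL build does not recognise `+TLSv1.3` the update still exits 0 and the rejected `SSLProtocol` line stays on disk, where a later restart would presumably fail. The pattern `SSLProtocol -all.*` also silently overwrites any protocol set an administrator has customised in `http2.conf`. I would keep a backup, run `apache2ctl -t` after the edit and restore the backup when the test fails, as sketched below. The script starts outside the hunk, so whether `set -e` is in effect for a missing file is not visible here.

```shell
## enable TLSv1.3
conf=/etc/apache2/conf-available/http2.conf
if [[ -f "${conf}" ]]; then
  cp -p "${conf}" "${conf}.ncp-bak"
  sed -i 's|SSLProtocol -all.*|SSLProtocol -all +TLSv1.2 +TLSv1.3|' "${conf}"
  if apache2ctl -t &>/dev/null; then
    rm -f "${conf}.ncp-bak"
    bash -c "sleep 2 && service apache2 reload" &>/dev/null &
  else
    # config test failed after the edit: put the previous file back
    mv "${conf}.ncp-bak" "${conf}"
    echo "TLSv1.3 not enabled: apache2 config test failed" >&2
  fi
fi

exit 0
```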