Overview
Both TLS 1.0 and 1.1 have been depricated for some time now. As of Netsweeper 9.1.9 the product no longer supports older Transport Layer Security.
However, in older releases we have refrained from removing some older protocols outright in order to ensure backwards-compatibility for our customer-base.
If you are running Netsweeper version 8 or older, best practice is to disable TLS 1.0 and 1.1 manually, as outlined below.
Disabling Older TLS versions in the nginx Service
Please note: The following process requires SSH access as the root user
- Create a Shell session into your WebAdmin server and upgrade your session to root:
sudo -i- Access the nginx configuration file:
vim /etc/nginx/conf.d/ns_servers.conf- Modify the ssl_protocols setting as follows:
ssl_protocols TLSv1.3 TLSv1.2;- Modify the ssl_ciphers setting as follows:
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;- write (save) and quit (exit) the file.
- Restart the nginx service:
service nginx restart