How to disable TLS 1.0 and 1.1 for openvidu

atuldsmart · May 22, 2023, 8:52am

How to disable TLS 1.0 and 1.1 for openvidu
I have done changes in /etc/ssl/openssl.cnf file but still is use 1.1 and 1.0
below is the error
root@Openvidu:/opt/openvidu/openvidu# sslscan -tls1_2 xxxxx.com
Version: 1.11.5
OpenSSL 1.0.2n 7 Dec 2017
OpenSSL version does not support SSLv2
SSLv2 ciphers will not be detected
OpenSSL version does not support SSLv3
SSLv3 ciphers will not be detected
Testing SSL server xxxxx.com on port 443

TLS renegotiation:
Secure session renegotiation supported

TLS Compression:
OpenSSL version does not support compression
Rebuild with zlib1g-dev package for zlib support

Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 128 bits CAMELLIA128-SHA
Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 256 bits CAMELLIA256-SHA
Accepted TLSv1.0 128 bits CAMELLIA128-SHA

SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

cruizba · May 22, 2023, 8:01pm

I recommend updating your OpenVidu Server deployment. Could you please let me know which version you are currently using? Starting from version 2.24.0, TLS 1.0 and 1.1 have been disabled.

From version 2.24.0 onwards, you have the flexibility to set the TLS version you prefer by using the following environment variable in the openvidu-proxy container:

PROXY_HTTPS_PROTOCOLS=TLSv1.2,TLSv1.3

If this option is not available, you will need to modify the nginx configuration by following the instructions provided in the OpenVidu documentation: https://docs.openvidu.io/en/2.27.0/troubleshooting/#162-modify-openvidu-nginx-configuration

Topic		Replies	Views
OpenVidu Pro deployment not recognizing LetsEncrypt SSL certificate Issues with deployment	10	1090	May 10, 2020
2.15 - SSL certificate invalid ERR_SSL_PROTOCOL_ERROR Issues with deployment	12	1593	August 1, 2020
Cannot run any of the tutorial examples Issues developing apps	11	1105	April 2, 2020
Help me please - How do i enable ssl openviduserver Issues developing apps	5	3038	April 23, 2020
OpenViduPro deployment Issues with deployment	9	538	January 27, 2021

How to disable TLS 1.0 and 1.1 for openvidu

Related Topics