[BlueOnyx:23672] 5209R Update: Disabled TLSv1.1 for Apache
Michael Stauber
mstauber at blueonyx.it
Wed Feb 19 11:49:00 -05 2020
Hi all,
Well, it's now the year 2020 (still no flying cars or hover-boards!), so
it's time to retire the TLSv1.1 protocol from Apache.
To that end an updated base-apache-* has been released for 5209R, where
it was still available as a fallback.
As the OpenSSL on 5209R is too old to support TLSv1.3 we had introduced
Nginx as SSL-proxy, as our custom built Nginx is statically compiled
against a newer OpenSSL that allows us to provide TLSv1.3 and HTTP/2
functionality.
The benefits and usage of the Nginx SSL-proxy are explained here - in
case you're wondering what that is and how to make use of it:
https://www.blueonyx.it/5209r-nginx-ssl-proxy
In case someone wonders what SSL protocols the different versions of
BlueOnyx support in Apache, here is a small list:
BlueOnyx 5210R: Both Apache & Nginx: TLSv1.3 with TLSv1.2 as a fallback
BlueOnyx 5209R: Apache: TLSv1.2, Nginx: TLSv1.3 with TLSv1.2 as fallback
BlueOnyx 5207R/5208R: Apache: TLSv1.2 only
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list