[BlueOnyx:23918] Re: 5209R Update: Disabled TLSv1.1 for Apache

Brent Epp brent at pdc.ca
Sat May 30 12:04:52 -05 2020


Hi Michael,

Since this update, we seem to be having a problem with a PHP SMTP 
library (swiftmailer) that we're using for a number of sites. I've 
updated the library to the version that provides TLSv1.2 support, but 
the failure persists: "Swift_TransportException: Unable to connect with 
TLS encryption"

I've also tried the latest version of swiftmailer with PHP 7.3.17, which 
results in the same error.

The one last thing I've tried is tweaking the library to force the TLS 
version to 1.2 ... same error.

Is there something else I need to adjust within Apache to make this work?

Thanks
  - Brent

On 2020-02-19 10:49, Michael Stauber wrote:
> Hi all,
>
> Well, it's now the year 2020 (still no flying cars or hover-boards!), so
> it's time to retire the TLSv1.1 protocol from Apache.
>
> To that end an updated base-apache-* has been released for 5209R, where
> it was still available as a fallback.
>
> As the OpenSSL on 5209R is too old to support TLSv1.3 we had introduced
> Nginx as SSL-proxy, as our custom built Nginx is statically compiled
> against a newer OpenSSL that allows us to provide TLSv1.3 and HTTP/2
> functionality.
>
> The benefits and usage of the Nginx SSL-proxy are explained here - in
> case you're wondering what that is and how to make use of it:
>
> https://www.blueonyx.it/5209r-nginx-ssl-proxy
>
> In case someone wonders what SSL protocols the different versions of
> BlueOnyx support in Apache, here is a small list:
>
> BlueOnyx 5210R: Both Apache & Nginx: TLSv1.3 with TLSv1.2 as a fallback
>
> BlueOnyx 5209R: Apache: TLSv1.2, Nginx: TLSv1.3 with TLSv1.2 as fallback
>
> BlueOnyx 5207R/5208R: Apache: TLSv1.2 only
>



