The Geek Diary

How to Disable TLS 1.1 on Cockpit (port 9090)

by admin

This post shows how to disable TLS 1.1 (together with SSL 3.0 and TLS 1.0) for the Cockpit web console listening on port 9090.

1. Create the systemd drop-in file /etc/systemd/system/cockpit.service.d/ssl.conf containing:

[Service]
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1

2. Reload systemd daemons:

# systemctl daemon-reload

3. Restart cockpit service:

# systemctl restart cockpit

4. Verify that a TLS 1.1 handshake is now rejected (no cipher is negotiated):

# echo test | openssl s_client -connect localhost:9090 -tls1_1
CONNECTED(00000003)
139687924594576:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:365:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1595495230
Timeout : 7200 (sec)
Verify return code: 0 (ok)

5. Verify that a TLS 1.2 handshake still succeeds:

# echo test | openssl s_client -connect localhost:9090 -tls1_2
...
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1326 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 3B54CEBA5BA27F851E55409A491540E7A0B6BCB7657B9036D67BB6E82B5F55B5
Session-ID-ctx:
Master-Key: 5AC8E8F409895C2020C87F4598DCF09465661431DAE03FDDEC0EC69FE7F8320FE14B79BA2D6A902A745AE00E265462D0
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1595495263
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
---
DONE
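
The checks in steps 1, 4 and 5 can be combined into one repeatable audit. The script below is an added example, not part of the original post: it confirms that the drop-in disables SSL 3.0, TLS 1.0 and TLS 1.1, then probes the port and classifies each handshake by the "Cipher is" line shown in the outputs above. The function names and the --audit switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the Cockpit TLS drop-in and probe the listening port.
# Function names and the --audit switch are illustrative assumptions.
DROPIN=/etc/systemd/system/cockpit.service.d/ssl.conf

# Print each legacy version that the priority string in file $1 does NOT
# disable. Empty output means SSL3.0, TLS1.0 and TLS1.1 are all disabled.
missing_disables() {
    prio=$(sed -n 's/^Environment=G_TLS_GNUTLS_PRIORITY=//p' "$1" 2>/dev/null | tail -n 1)
    for v in SSL3.0 TLS1.0 TLS1.1; do
        case ":$prio:" in
            *":-VERS-$v:"*) ;;              # token present: version disabled
            *) printf '%s\n' "$v" ;;        # token missing: still allowed
        esac
    done
}

# Classify openssl s_client output read from stdin.
# A refused handshake negotiates nothing: "Cipher is (NONE)".
classify_handshake() {
    out=$(cat)
    case "$out" in
        *"Cipher is (NONE)"*) echo rejected ;;
        *"Cipher is "*)       echo accepted ;;
        *)                    echo unknown ;;  # e.g. client lacks the flag
    esac
}

# Probe host:port ($2) with one protocol flag ($1: tls1, tls1_1, tls1_2).
probe() {
    echo test | openssl s_client -connect "$2" "-$1" 2>&1 | classify_handshake
}

# Return 0 only if the drop-in is complete, legacy versions are rejected
# and TLS 1.2 is still accepted.
audit_cockpit_tls() {
    target=${1:-localhost:9090}; rc=0
    left=$(missing_disables "$DROPIN")
    [ -z "$left" ] || { echo "drop-in does not disable:" $left; rc=1; }
    for flag in tls1 tls1_1; do
        r=$(probe "$flag" "$target"); echo "$flag: $r"
        [ "$r" = rejected ] || rc=1
    done
    r=$(probe tls1_2 "$target"); echo "tls1_2: $r"
    [ "$r" = accepted ] || rc=1
    return $rc
}

if [ "${1:-}" = "--audit" ]; then audit_cockpit_tls "${2:-}"; fi
```

A "rejected" result only reflects the server's behaviour if the local OpenSSL client itself still permits that protocol version, so run the probe from a client that does.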

Filed Under: CentOS/RHEL, CentOS/RHEL 7, CentOS/RHEL 8, Linux
