traefik 1.7.X - Logging TLS version in access.log - ssl

is there a way to determine the TLS Version in the traefik access.log.
We want to know how many requests are made with older TLS Versions.
I don't find any option to enable such a feature.
Is there a way to do that ?

traefik 1.7 is not able to log TLS verisons:
https://docs.traefik.io/v1.7/configuration/logs/#list-of-all-available-fields .

Related

Disable TLS 1.3 for GRPC or system-wide in Ubuntu?

I'm trying to use a GRPC client which is TLS 1.3 enabled on my system (Ubuntu 20.04). I'd like to force it to connect over TLS 1.2: I don't see any options to control this, so I thought I'd try disabling TLS 1.3 system-wide.
How do I do this? I tried adding
MaxProtocol = TLSv1.2
to my /etc/ssl/openssl.cnf as this page seems to suggest*, but my GRPC traffic continues over TLS 1.3 (perhaps I'm not reloading the config or something?). I've heard mention of boringssl when it comes to GRPC as well, so perhaps that has something to do with things.
I added it as the second line, right after HOME = .: you can see the whole file here

Turn on TLS 1.2

I just received an email from Authorize.net informing that they deactivate connections to their server using TLS1.0 and TLS1.1.
Question are Godaddy SSL and Web Host set for TLS1.2 connections and is there anything need to change for configure TLS1.2 for my site?
How to check which TLS use in my website?
How to check which TLS use in my website?
Use Qualys SSL Labs vulnerability tester to check which TLS version you are using: https://www.ssllabs.com/ssltest/
You may certainly see that you support several versions (this is the most common case).
Question are Godaddy SSL and Web Host set for TLS1.2 connections and is there anything need to change for configure TLS1.2 for my site?
You have nothing to do, web hosting services by GoDaddy are already supporting TLS 1.2 connections (and TLS 1.0 and TLS 1.1 - they do not support SSL v3 nor SSL v2 anymore, and it's a good thing).

Adobe Media Server and TLS 1.2

I am on AMS 5.07, apache 2.2, and openssl 1.01L and I cannot get TLS 1.2 working. I can only use up to TLS 1.0. Any tricks to getting TLS 1.2 enabled? I'm worried about fully updating apache to 2.4 since it is supposedly configured especially for AMS.
You can't, unless you upgrade
This issue is fixed with Apache 2.4.3 http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
- see SSLCompression Directive
It will only use TLS 1.2 if SSL compression is turned off, and you can't turn it off unless you upgrade.

TLS 1.2 implementation in Play Framework 2.3.x with Nginx

https://www.playframework.com/documentation/2.3.1/ConfiguringHttps describes, in detail, how to implement SSL in Play Framework 2.3.x
However, I am wondering how to implement TLS 1.2 in Play Framework, do I also need something like Nginx?
I am fairly new to this subject. https://luxsci.com/blog/ssl-versus-tls-whats-the-difference.html shows us that SSL is older than TLS. I have heard that SSL is not secure any more, that's why I ask this question.
Nginx support TLS 1.2 without problems (check parameter "ssl_protocols"). Forget about SSL v2 and SSL v3, it is not secure, but most browsers support TLS v1.2, TLSv1.1 and TLS v1.
You can use Nginx as proxy, and configure HTTPS on nginx. Nginx has many usefull options, it can fast serving static files and proxying all other request to "play" application (to TCP port or to socket).
In your link there is information that you can run Play with HTTPS, so there is no need to use nginx, but I agreee with this part:
(..) using a reverse proxy in front of Play will give better control
and security of HTTPS.

Globally disabling protocols in OpenSSL

Is it possible to globally disable TLS 1.1 for an application that is indirectly using OpenSSL?
I would like to disable TLS 1.1 for a C application that makes soap HTTPS calls using gSOAP.
Disabling TLS 1.1 fixes a intermittent SSL connection problem I have been experiencing for the last few days (SSL routines:SSL3_GET_RECORD:wrong version number).
Currently TLS 1.1 is disabled by using a custom build of gSOAP but ideally I would like to disable the protocol using a config file or some code in my application.
Ubuntu 12.04.5 LTS
OpenSSL 1.0.1-4ubuntu5.20
gSOAP 2.8.4-2
Although there is a global OpenSSL config file it can not be used to restrict the default SSL version(s). And unfortunately there seems to be no API or configuration for the gSOAP library to restrict the SSL version. So you must probably live with your custom build version and hope that someday they provide an API to set the SSL version.
At a minimum you will need gSOAP 2.8.28. Use the SOAP_TLSv1_2 option with soap_ssl_client_context() and soap_ssl_server_context() to restrict the TLS protocol to TLSv1.2 only. TLS1.0/TLS1.1/SSLv3 are disabled. You can't combine the SSL/TLS protocol options, so only TLSv1.2 will be enabled with this option. This works with OpenSSL 1.0.1 or later and recent GNUTLS versions. Perhaps there will be new options in upcoming gSOAP releases to support subsets of protocols, which would be nice.