lamp: allow only TLSv12 and TLSv13

Signed-off-by: nachoparker <nacho@ownyourbits.com>
2026-01-10 15:12:01 -03:30 · 2021-05-09 06:26:26 -06:00 · 2021-05-09 06:26:26 -06:00 · 67aa5994d6
commit 67aa5994d6
parent 7aef967f09
4 changed files with 11 additions and 5 deletions
--- a/changelog.md
+++ b/changelog.md
@ -1,7 +1,9 @@
-[v1.36.0](https://github.com/nextcloud/nextcloudpi/commit/5709e46) (2020-09-16) Namecheap dynamic DNS client
+[v1.36.1](https://github.com/nextcloud/nextcloudpi/commit/8e7579d) (2021-05-09) lamp: allow only TLSv12 and TLSv13
-[v1.35.2](https://github.com/nextcloud/nextcloudpi/commit/bfab195) (2021-04-29) ncp-web: fix display of big files for 32 bit
+[v1.36.0](https://github.com/nextcloud/nextcloudpi/commit/24b6018) (2020-09-16) Namecheap dynamic DNS client
 [v1.35.2 ](https://github.com/nextcloud/nextcloudpi/commit/bfab195) (2021-04-29) ncp-web: fix display of big files for 32 bit
 [v1.35.1 ](https://github.com/nextcloud/nextcloudpi/commit/e64ca34) (2021-04-29) ncp-web: fix backup download for big files in 32-bit
@ -11,7 +13,7 @@
 [v1.34.8 ](https://github.com/nextcloud/nextcloudpi/commit/117b8ea) (2021-01-20) nc-automount: udiskie verbose output
-[v1.34.7, master](https://github.com/nextcloud/nextcloudpi/commit/b978184) (2021-01-19) docker: fix datadir path contents
+[v1.34.7 ](https://github.com/nextcloud/nextcloudpi/commit/b978184) (2021-01-19) docker: fix datadir path contents
 [v1.34.6 ](https://github.com/nextcloud/nextcloudpi/commit/84ccf94) (2021-01-18) docker: fix datadir path
--- a/lamp.sh
+++ b/lamp.sh
@ -62,7 +62,7 @@ H2PushPriority  image/png               after   32
 H2PushPriority  application/javascript  interleaved
 # SSL/TLS Configuration
-SSLProtocol -all +TLSv1.2
+SSLProtocol -all +TLSv1.2 +TLSv1.3
 SSLHonorCipherOrder on
 SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
 SSLCompression          off
--- a/ncp.sh
+++ b/ncp.sh
@ -237,7 +237,7 @@ EOF
  if [[ -f /.ncp-image ]]; then
    rm -rf /var/log/ncp.log
-    ## NEXTCLOUDPI MOTD 
+    ## NEXTCLOUDPI MOTD
    rm -rf /etc/update-motd.d
    mkdir /etc/update-motd.d
    rm /etc/motd
--- a/updates/1.37.0.sh
+++ b/updates/1.37.0.sh
@ -31,4 +31,8 @@ rm "${crontab_tmp}"
  :
 }
 ## enable TLSv1.3
 sed -i 's|SSLProtocol -all.*|SSLProtocol -all +TLSv1.2 +TLSv1.3|' /etc/apache2/conf-available/http2.conf
 bash -c "sleep 2 && service apache2 reload" &>/dev/null &
 exit 0