I am trying to figure out where the server.conf is or if there is a place in the interface to disable TLS v1.0 or other. TLSv1.0 is enabled by default which will fail any security scan for compliance.
Anyone know the best way to disable TLS v1.0? Normally you just add --tls-version-min 1.2
LOL I thought I was logged in to the box. I fixed it. But if I modify the server.conf will it overwrite my changes? How do I make it always keep that setting?
This is what needs to be added:
tls-version-min 1.2
Sure that is crazy, they want to leave 1.0 out there. I will report a bug with them. I do want to make sure my change will not get wiped out anytime something is changed in the GUI.
No, TLS 1.0 is outdated and deserves to die. Clients must update.
As far as I know this won’t affect anyone anyways because OpenVPN always comes bundled with OpenSSL - even on Windows - and therefore even Windows XP should be able to do better than TLS 1.0.
However, I do not want to support Windows XP any more. The security (and performance) with TLS 1.2 or 1.3 is much better. So why not use that?
@ms
The patch is already there. Should I wait until the release of Core 148, since we would then need the update.sh to integrate the directive in server.conf?
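An added example, not part of the thread or of the project's code: a small shell check that reports whether a given server.conf still carries an active `tls-version-min` of at least 1.2, which is useful after a GUI change or an update may have rewritten the file. The function names and the sample configs are constructed for illustration; the path to server.conf is passed as an argument because the thread does not state it, and treating the lowest value as effective when the directive appears more than once is a conservative assumption.

```shell
#!/bin/sh
# Added example: audit an OpenVPN config for the tls-version-min directive.
# Function names are hypothetical; pass the real path to server.conf yourself.

# Print the lowest tls-version-min value found, or "unset" when the
# directive is absent or only present in a commented-out line.
tls_min_of() {
    awk '
        /^[[:space:]]*[#;]/ { next }          # skip # and ; comment lines
        $1 == "tls-version-min" {
            # Assumption: if the directive repeats, report the lowest value.
            if (!seen || $2 + 0 < low + 0) low = $2
            seen = 1
        }
        END { print (seen ? low : "unset") }
    ' "$1"
}

# Return 0 when the config enforces at least the wanted minimum (default 1.2).
tls_min_ok() {
    conf=$1
    want=${2:-1.2}
    have=$(tls_min_of "$conf")
    if [ "$have" = "unset" ]; then
        echo "$conf: tls-version-min not set"
        return 1
    fi
    if awk -v h="$have" -v w="$want" 'BEGIN { exit !(h + 0 >= w + 0) }'; then
        echo "$conf: tls-version-min $have (ok)"
        return 0
    fi
    echo "$conf: tls-version-min $have is below $want"
    return 1
}

# Constructed sample configs (not taken from the thread).
tmp=$(mktemp -d)
printf 'proto udp\ntls-version-min 1.2\n' > "$tmp/patched.conf"
printf 'proto udp\n;tls-version-min 1.2\n' > "$tmp/regenerated.conf"
printf 'proto udp\ntls-version-min 1.0 or-highest\n' > "$tmp/weak.conf"
for f in "$tmp/patched.conf" "$tmp/regenerated.conf" "$tmp/weak.conf"; do
    tls_min_ok "$f" || echo "  -> directive needs to be re-applied"
done
rm -rf "$tmp"
```

Run against the live file, a non-zero exit status from `tls_min_ok` makes it easy to hook into cron or a monitoring check.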