Poodle SSL problem
I think you guys saw the latest news today about the "Poodle" bug in SSL.
The cure to this problem is to disable SSLv3 completely. See also this post: http://askubuntu.com/a/537197.
In the AskUbuntu post there's a clear way to disable it. But my problem at the moment: I can't find the right config files to disable SSLv3 in both Apache and Nginx. Can somebody tell me where these config files can be found when using VestaCP? I don't want to mess up the whole thing, you know.
Re: Poodle SSL problem
Maybe it would be nice to have the List from https://cipherli.st/ with SSL at least for the control panel.
I updated my setup, and it now looks like this:
Code:
/usr/local/vesta/nginx/conf/nginx.conf
Code:
/etc/nginx/nginx.conf
Code:
# SSL PCI Compliance
# ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
# ssl_session_cache shared:SSL:10m;
# ssl_prefer_server_ciphers on;
# # poodle check
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# https://cipherli.st/
# strong settings
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header X-Frame-Options DENY;
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx >= 1.3.7
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 5s;
Re: Poodle SSL problem
Adding the following should suffice:
Code:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Re: Poodle SSL problem
We have updated Nginx configuration. Please feel free to download it:
Code:
# For RHEL/CentOS
wget http://c.vestacp.com/0.9.8/rhel/nginx.conf -O /etc/nginx/nginx.conf
service nginx restart
Code:
# For Debian/Ubuntu
wget http://c.vestacp.com/0.9.8/ubuntu/nginx.conf -O /etc/nginx/nginx.conf
service nginx restart
Re: Poodle SSL problem
skid wrote: We have updated Nginx configuration. Please feel free to download it
Thanks!!
Now, A+ ;-)
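An added example, not part of any post in this thread and not VestaCP's own tooling: a shell check that reports whether an nginx config file still lists SSLv3 in an active (uncommented) ssl_protocols directive, or has no such directive at all. The function name check_ssl_protocols is an assumption; the paths in the usage comment are the two files named in the thread.

```shell
#!/bin/sh
# Added example: audit nginx config files for SSLv3 after editing or replacing them.
# Usage (paths taken from the thread):
#   sh check_sslv3.sh /etc/nginx/nginx.conf /usr/local/vesta/nginx/conf/nginx.conf

# check_ssl_protocols FILE  (hypothetical helper name)
# Return codes:
#   0 = active ssl_protocols directive(s) present, SSLv3 not listed
#   1 = SSLv3 listed in an active ssl_protocols directive
#   2 = no active ssl_protocols directive, so nginx uses its built-in default
#       (nginx releases before 1.9.1 enabled SSLv3 by default)
#   3 = file missing or unreadable
check_ssl_protocols() {
    file=$1
    [ -r "$file" ] || { echo "$file: unreadable"; return 3; }

    # Drop everything after '#' so commented-out directives are ignored,
    # then keep only lines carrying an ssl_protocols directive.
    # '|| true' keeps an empty result from aborting callers that use 'set -e'.
    active=$(sed 's/#.*//' "$file" \
        | grep -E '(^|[[:space:];{])ssl_protocols[[:space:]]' || true)

    if [ -z "$active" ]; then
        echo "$file: no active ssl_protocols directive"
        return 2
    fi

    # Match SSLv3 as a whole token, case-insensitively.
    if printf '%s\n' "$active" \
        | grep -qiE '(^|[[:space:]])SSLv3([[:space:];]|$)'; then
        echo "$file: SSLv3 still enabled"
        return 1
    fi

    echo "$file: SSLv3 not listed"
    return 0
}

# Check every file given on the command line.
for f in "$@"; do
    check_ssl_protocols "$f" || true
done
```

The check only reads the files passed to it and does not follow include directives, so per-domain configs need to be passed explicitly.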