Force applications to use TLS 1.2 for certain domains
Solution 1:
For applications that use OpenSSL, you can set the MinProtocol and MaxProtocol version to TLSv1.2 to force all connections to use TLSv1.2. I know of no way to set this per domain. This is not advisable because some servers only support TLSv1.3, so connections to them will fail.
- Open openssl.cnf:
    vi /etc/ssl/openssl.cnf
- Scroll to the bottom: Shift-G
- Insert a new line: Shift-O
- Add:
    MaxProtocol = TLSv1.2
For applications that use GnuTLS, for example apt, you can disable other versions of TLS in the system-wide GnuTLS configuration file, probably /etc/gnutls/config:
    [overrides]
    disabled-version = tls1.0
    disabled-version = tls1.1
    disabled-version = tls1.3
See Disabling algorithms and protocols.