Force applications to use TLS 1.2 for certain domains

debian openssl

Solution 1:

For applications that use OpenSSL, you can set the MinProtocol and MaxProtocol version to TLSv1.2 to force all connections to use TLSv1.2. I know of no way to set this per domain. This is not advisable because some servers only support TLSv1.3, so connections to them will fail.

  1. Open openssl.cnf: vi /etc/ssl/openssl.cnf
  2. Scroll to the bottom: Shift-G
  3. Insert a new line: Shift-O
  4. Add MaxProtocol = TLSv1.2

For applications that use GnuTLS, for example apt, you can disable other versions of TLS in the system-wide GnuTLS configuration file, probably /etc/gnutls/config:

[overrides]
disabled-version = tls1.0
disabled-version = tls1.1
disabled-version = tls1.3

See Disabling algorithms and protocols.

Related

Are Kubernetes updates an atomic transaction?
What will I need to create a web server out of an R710? [closed]
What are the symptoms of an IP address conflict?
How to install PHP 8 in Oracle Linux with Apache?
Proxy settings at/prior to cloud-init runtime
Upgrading Tomcat 7.0 - 8.5 or 9.0?
How do untar as the current user by default?
CryptographyDeprecationWarning: Python 3.5 support will be dropped in the next release of cryptography. Please upgrade your Python
Authenticate Samba against OpenLDAP
IIS 7.5 confused between Windows Authentication and Forms Authentication
Window Server Domain DNS
DNSSEC - DNS/domain providers that enable DANE DNS records [closed]