TLS 1.0 & TLS 1.1 disable for our side if possible in pfsense

ejaj · Jan 2, 2020, 8:33 AM

Hello Experts:- Request you please reply.
need to disable tls 1.0 and tls 1.1 from pfsense , it's for our webserver i mean for our website is there any way .. or any other idea. to achieve this.

Gertjan · Jan 3, 2020, 5:53 AM

Hi,

Your web server is pfSense ?
What has the pfSense GUI to do with your web server ?
You are not exposing the pfSense GUI on the Internet, right ?

jimp · Jan 2, 2020, 1:39 PM

You would disable that on the web server which is actually serving the site, not at the firewall.

The only possible exception to that would be if you are doing SSL offloading in a package like HAProxy.

Moved out of the ACME category as either way, that question is not relevant to ACME/Let's Encrypt.

ejaj · Jan 3, 2020, 5:51 AM

@jimp Thank you so much Sir for the reply,We have done on web server too.but due to some issues we want achieve this via pfsense,can we disable from pfsense. we have offloaded ssl on HA proxy pfsense.

ejaj · Jan 3, 2020, 5:53 AM

@Gertjan Hello Sir,@jimp understood my question which i want exact but we want to achieve this from pf-sense. by the way Thank you much reply.

Gertjan · Jan 3, 2020, 9:35 AM

Look here : https://forum.netgate.com/topic/149300/captive-portal-err_ssl_protocol_error/5 - as in a a TLS 1.0 1.1 1.2 some 3 days ago. I guess you would have find it by now ;)

It's not a GUI option, just change /etc/inc/system.inc - line 1466.

ejaj · Jan 6, 2020, 10:08 AM

@Gertjan Thanks Sir ,one more question i want to share scenario our website hosted on x server(it can be cent os httpd or windows iis) so that webserver frontend backend in pfsnese HA proxy .so this thing https://forum.netgate.com/topic/149300/captive-portal-err_ssl_protocol_error/6 help me in this scenario or different thing.