Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
3.96k stars 536 forks

TLS offload doesn't work with TLS.1.3 #3761

Open woolmonkey opened 2 years ago

woolmonkey commented 2 years ago

I was fighting to get the certificate to work with an NGINX proxy in front of MeshCentral. It only worked when I enabled TLSv1.2. I guess at some point I only enabled TLS 1.3.

OutbackMatt commented 2 years ago

What operating system are you connecting from?

In some Windows systems you need to explicitly allow TLS v1.3. TLS 1.3 is only supported natively from Windows 11 and Server 2019.

Ylianst commented 2 years ago

Any recent NodeJS should support TLS 1.3. What NodeJS version are you running? You can type:

node -v

This should display it. MeshCentral should fully support TLS 1.2 and 1.3 and not support previous versions of TLS.

If you're using Intel AMT only: There is an exception to this since Intel AMT port 4433 is set up to support older TLS versions so that older Intel AMT versions can still connect. This is only port 4433; it does not apply to port 443.

I will also note that if you are using "tlsoffload" in the config.json of MeshCentral, MeshCentral will not perform TLS at all on its HTTPS port.

I have a YouTube video on installing MeshCentral with NGINX here, that can hopefully help. You can also look at a sample NGINX config in section 16 of the User's Guide here. Hopefully that can also help.
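A check for the question this thread turns on, added here as an example and not code from the MeshCentral project or any commenter: it attempts one handshake pinned to TLS 1.2 and one pinned to TLS 1.3 against the proxy's listener and reports which the listener accepts. The host name `mesh.example.test` is a placeholder, and the result also depends on the local OpenSSL build supporting TLS 1.3.

```python
import socket
import ssl

# TLS versions discussed in the thread, mapped to the ssl module's constants.
VERSIONS = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}


def pinned_context(version):
    """Client context that can negotiate exactly one TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # The probe only asks which versions the listener accepts, so certificate
    # validation is off. Do not reuse this context for real traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port, timeout=5.0):
    """Return {version name: negotiated version string, or None if refused}."""
    results = {}
    for name, version in VERSIONS.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                ctx = pinned_context(version)
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[name] = tls.version()
        except OSError:
            # ssl.SSLError is a subclass of OSError: covers handshake
            # rejection, protocol alerts, resets, timeouts, refused connects.
            results[name] = None
    return results


if __name__ == "__main__":
    import sys

    # Placeholder host; pass the proxy's real name and port as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "mesh.example.test"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    for name, got in probe(host, port).items():
        print(f"{name}: {got or 'refused'}")
```

Running it from the MeshCentral host against the NGINX port, and again from an affected client machine, separates a proxy-side `ssl_protocols` restriction from a client-side one.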