TLSv1.3 support for Virtualmin

virtualmin / virtualmin-gpl

Virtualmin web hosting control panel for Webmin

https://www.virtualmin.com

GNU General Public License v3.0

331 stars 102 forks source link

TLSv1.3 support for Virtualmin #90

Open sz00gun opened 5 years ago

sz00gun commented 5 years ago

Ubuntu 18.04.2 supports OpenSSL 1.1.1 by default, however latest Virtualmin 6 don't support it yet.

any chance to add this facility here? chowa-ssl

whereisaaron commented 5 years ago

Hi @sz00gun, you need both Apache 2.4.37 and OpenSSL 1.1.1 to enable TLSv1.3

The problem is the Ubuntu 18.04.2 version of Apache is only 2.4.29 and so does not support TLSv1.3.

You might be able to use this example to install an unofficial update: https://ayesh.me/TLSv1.3-Apache

chris001 commented 5 years ago

For complete TLS 1.3 support on all Virtualmin services, you'd also need at least these versions, or newer:

OpenSSL 1.1.1 : https://wiki.openssl.org/index.php/TLS1.3
Dovecot 2.3.2.1 : https://launchpad.net/ubuntu/+source/dovecot/+changelog
Postfix 3.3.2 : http://www.postfix.org/announcements/postfix-3.3.2.html
Nginx 1.13.0 (available since April 2017): https://nginx.org/en/CHANGES

chris001 commented 5 years ago

Ubuntu 18.04.2 supports OpenSSL 1.1.1 by default, however latest Virtualmin 6 don't support it yet.

sudo add-apt-repository ppa:ondrej/apache2
sudo apt-get update
sudo apt install apache2

Then you update the apache ssl.conf file to disable SSLv2 SSLv3 TLSv1 and TLSv1.1 protocols, and use TLSv1.3 ciphers.
```
sudo service apache2 restart
```
Verify your Virtualmin is running TLSv1.3 at https://www.ssllabs.com/ssltest/index.html

jcameron commented 5 years ago

We'll add TLS v1.3 to that list in the OP.

ardabeyazoglu commented 4 years ago

For nginx users, adding ssl_protocols TLSv1.2 TLSv1.3; to nginx.conf does the trick. It doesnt matter what is chosen inside virtualmin in this case.