Minimum TLS version = 1.0?

It appears the storage node accepts tls1. It should have a minimum of tls1.1 or tls1.2, really. Is there a way to configure this as a SNO?

1 Like

Welcome @tedder to our community.

Thanks for raising this point.
We are going to verify if we are actually accepting it.

If we see that we do, we definitely will create a patch.


fwiw, here’s a test showing it accepts 1.0:

openssl s_client -no_tls1_2 -no_tls1_3 -no_tls1_1 -connect localhost:28967

you can compare that by forcing tls1.1:

openssl s_client -no_tls1_2 -no_tls1_3 -no_tls1 -connect localhost:28967

Thanks for that!

There is already a PR since this morning for the fix

1 Like