GNU/Linux >> Linux Esercitazione > >> Cent OS

Come disabilitare la porta Cockpit TLS 1.1 9090

Questo post aiuterà a disabilitare la porta 9090 della cabina di pilotaggio TLS 1.1.

1. Crea il file /etc/systemd/system/cockpit.service.d/ssl.conf contenente:

[Service]
Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1

2. Ricarica i demoni di sistema:

# systemctl daemon-reload

3. Riavvia il servizio di cabina di pilotaggio:

# systemctl restart cockpit

4. Controllare i protocolli tls1_1:

# echo test | openssl s_client -connect localhost:9090 -tls1_1CONNECTED(00000003)
139687924594576:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:365:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported    ==> Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1595495230
Timeout : 7200 (sec)
Verify return code: 0 (ok)

5. Controlla i protocolli tls1_2:

# echo test | openssl s_client -connect localhost:9090 -tls1_2...No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1326 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported  -->  Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 3B54CEBA5BA27F851E55409A491540E7A0B6BCB7657B9036D67BB6E82B5F55B5
Session-ID-ctx:
Master-Key: 5AC8E8F409895C2020C87F4598DCF09465661431DAE03FDDEC0EC69FE7F8320FE14B79BA2D6A902A745AE00E265462D0
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1595495263
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
---
DONE

"Il server ha rifiutato di allocare pty" – Impossibile accedere a CentOS/RHEL

Come aggiungere sorgente, servizi e porte alla zona firewall in CentOS/RHEL 7 e 8

Cent OS

Come disabilitare SELinux su CentOS 8

Come disabilitare SELinux su CentOS 7

Come disabilitare SELinux su CentOS 8

Come installare Cockpit su CentOS 8

Come disabilitare SELinux su CentOS

Come abilitare SSH su CentOS