Disable tlsv1.1 in https server

Marhoosh · June 3, 2024, 9:26am

Hi
I want to disable tlsv1.1 in https server,the port is 8089.But I don’t know how to do it.If you can give me some advice,very thanks.
Here is my http show status:

server-1-87*CLI> http show status
HTTP Server Status:
Prefix: 
Server: Asterisk/18.17.0
Server Enabled and Bound to 0.0.0.0:8088

HTTPS Server Enabled and Bound to 0.0.0.0:8089

Enabled URI's:
/httpstatus => Asterisk HTTP General Status
/phoneprov/... => Asterisk HTTP Phone Provisioning Tool
/amanager => HTML Manager Event Interface w/Digest authentication
/metrics/... => Prometheus Metrics URI
/arawman => Raw HTTP Manager Event Interface w/Digest authentication
/manager => HTML Manager Event Interface
/rawman => Raw HTTP Manager Event Interface
/static/... => Asterisk HTTP Static Delivery
/amxml => XML Manager Event Interface w/Digest authentication
/mxml => XML Manager Event Interface
/ari/... => Asterisk RESTful API
/ws => Asterisk HTTP WebSocket

Enabled Redirects:
  None.

Here is my http.conf:

[general]
enabled=yes
enablestatic=yes

bindaddr=0.0.0.0
bindport=8088
prefix=
sessionlimit=1000
session_inactivity=30000
session_keep_alive=15000

tlsenable=yes
tlsbindaddr=0.0.0.0:8089


tlscertfile=/opt/disk/asterisk/etc/asterisk/keys/server.crt
tlsprivatekey=/opt/disk/asterisk/etc/asterisk/keys/server.key

tlsprotocol=tlsv1_2       ; Ensure only TLS v1.2 is used
tlscipher=HIGH            ; Use high encryption ciphers

jcolp · June 3, 2024, 3:29pm

github.com

asterisk/asterisk/blob/master/configs/samples/http.conf.sample#L113


      
          ; ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:
          ; kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:
          ; ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:
          ; ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:
          ; DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:
          ; AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:
          ; AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:
          ; !EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
          ;
          ; tlsdisablev1=yes                ; Disable TLSv1 support - if not set this defaults to "yes"
          ; tlsdisablev11=yes               ; Disable TLSv1.1 support - if not set this defaults to "no"
          ; tlsdisablev12=yes               ; Disable TLSv1.2 support - if not set this defaults to "no"
          ;
          ; tlsservercipherorder=yes        ; Use the server preference order instead of the client order
          ;                                 ; Defaults to "yes"
          ;
          ; The post_mappings section maps URLs to real paths on the filesystem.  If a
          ; POST is done from within an authenticated manager session to one of the
          ; configured POST mappings, then any files in the POST will be placed in the
          ; configured directory.
          ;

jcolp · June 3, 2024, 3:30pm

I also ask, where did this “tlsprotocol” in your existing http.conf come from?

Marhoosh · June 4, 2024, 12:55am

chatgpt

Marhoosh · June 4, 2024, 12:57am

thanks!

system · July 4, 2024, 12:57am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
HTTP Server Disabled Asterisk Support	2	810	May 6, 2023
Asterisk 13 - Force TLSv1.2 Asterisk Support	3	1914	June 13, 2017
Problem setting up ssl connection: Asterisk Support	8	17748	September 30, 2020
Asterisk 15 HTTPS server Asterisk Support	9	8026	November 1, 2017
TLS 1.0 in Asterisk Asterisk SIP	5	980	March 14, 2021

Disable tlsv1.1 in https server

Related topics