Created
February 16, 2019 07:36
-
-
Save dfinnema/d2c99d956d38ac5b298e45253414aec3 to your computer and use it in GitHub Desktop.
Add weaker ciphers to UNMS to ensure older devices can be managed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copy the current NGINX conf file from the docker container | |
| # docker cp unms-nginx:/etc/nginx/conf.d/combined.conf ~/combined.conf | |
| # | |
| # Add the following ciphers to combine.conf | |
| # AES256-SHA256 | |
| # AES256-SHA | |
| # | |
| # Find the line looking something like: | |
| # ssl_ciphers EECDH:RSA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!3DES:!SEED:!IDEA:!MD5:!PSK:!RC4; | |
| # | |
| # Add the ciphers after EECDH:RSA:HIGH: | |
| # | |
| # Should look something like this: | |
| # ssl_ciphers EECDH:RSA:HIGH:AES256-SHA256:AES256-SHA:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!3DES:!SEED:!IDEA:!MD5:!PSK:!RC4; | |
| # | |
| # Copy the conf file back | |
| # docker cp ~/combined.conf unms-nginx:/etc/nginx/conf.d/combined.conf | |
| # | |
| # Reload Nginx inside the container | |
| # docker container exec unms-nginx nginx -s reload | |
| # | |
| # Should now be able to connect using older equipment whilst keeping a high ssl labs score |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment