From f6d8a2d834255d84a69e0282b1f33441f034e736 Mon Sep 17 00:00:00 2001 From: Franco Fichtner Date: Mon, 18 Dec 2023 11:46:43 +0100 Subject: [PATCH] firmware: TLS 1.3 works now on our mirrors so limit to this one --- src/opnsense/scripts/firmware/launcher.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/opnsense/scripts/firmware/launcher.sh b/src/opnsense/scripts/firmware/launcher.sh index bc29d773a..961034c13 100755 --- a/src/opnsense/scripts/firmware/launcher.sh +++ b/src/opnsense/scripts/firmware/launcher.sh @@ -97,10 +97,11 @@ if [ -n "${DO_RANDOM}" ]; then sleep ${DO_RANDOM#"-r "} fi -# business mirror compliance requires disabling the use of TLS 1.0 and 1.1 +# business mirror compliance requires disabling the use of TLS below 1.3 if [ -n "$(opnsense-update -x)" ]; then export SSL_NO_TLS1="yes" export SSL_NO_TLS1_1="yes" + export SSL_NO_TLS1_2="yes" fi if [ -z "${DO_UNLOCKED}" ]; then