Rejecting TLS1.0

1 post / 0 new
#1 Sat, 09/12/2015 - 20:34
bill56

Rejecting TLS1.0

Hello:

I need to turn off TLS1.0 for Usermin. I was successful turning this off for Webmin using the checkbox in Webmin Configuration -> SSL Engryption -> SSL protocol versions to reject SSLv2 SSLv3 TLSv1.0

However, doing the exact same thing in Usermin Configuration, Usermin still accepts TLSv1.0. And yes, I have restarted Usermin after making the change. Here is /etc/usermin/miniserv.conf:

passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=2
sidname=usid
preroot=virtual-server-theme
passdelay=1
domainstrip=1
domainuser=1
extracas=/home/server/cabundle.crt
certfile=/home/server/ssl.cert
no_sslcompression=1
no_ssl2=1
no_ssl3=1
ssl_honorcipherorder=0
ssl_redirect=0
ssl_cipher_list=ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL root=/usr/libexec/usermin
mimetypes=/usr/libexec/usermin/mime.types
server=MiniServ/1.660
no_tls1_2=
no_tls1=1
no_tls1_1=

Any ideas on what else to try?

Thanks, Bill