Need to disable TLSV1 & TLSV1.1

Keywords: WordPress + NGINX + SSL - AWS - Technical issue - Other
Description:
We have followed the below steps and after querying we are seeing TLSV1 & TLSV1.1
https://docs.bitnami.com/aws/infrastructure/nginx/administration/enable-https-ssl-nginx/

Hi @vishanthvv,

Did you change the SSLProtocol directive in the /opt/bitnami/apache2/conf/bitnami/bitnami.conf folder to TLSv1.2?

SSLProtocol TLSv1.2

Regards,
Michiel

Please find the folders under /opt/bitnami

Could not see apache2
We are using NGINX

Hi @vishanthvv,

My apologies, in that case you need to edit the ssl_protocols line in the /opt/bitnami/nginx/conf/nginx.conf file.

Regards,
Michiel

Hi Michiel,

Please find the below nginx conf file;

user daemon daemon;
worker_processes auto;

error_log “/opt/bitnami/nginx/logs/error.log”;

pid “/opt/bitnami/nginx/logs/nginx.pid”;

events {
use epoll;
worker_connections 1024;
multi_accept on;
}

set open fd limit to 30000

worker_rlimit_nofile 30000;

http {
ssl_protocols TLSv1.2 TLSv1.3;
include mime.types;
default_type application/octet-stream;

client_body_temp_path  "/opt/bitnami/nginx/tmp/client_body" 1 2;
proxy_temp_path "/opt/bitnami/nginx/tmp/proxy" 1 2;
fastcgi_temp_path "/opt/bitnami/nginx/tmp/fastcgi" 1 2;
scgi_temp_path "/opt/bitnami/nginx/tmp/scgi" 1 2;
uwsgi_temp_path "/opt/bitnami/nginx/tmp/uwsgi" 1 2;

access_log  "/opt/bitnami/nginx/logs/access.log";

sendfile        on;

keepalive_timeout  65;
client_max_body_size 80M;

gzip on;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_proxied any;
gzip_vary on;
gzip_types text/plain
           text/xml
           text/css
           text/javascript
           application/json
           application/javascript
           application/x-javascript
           application/ecmascript
           application/xml
           application/rss+xml
           application/atom+xml
           application/rdf+xml
           application/xml+rss
           application/xhtml+xml
           application/x-font-ttf
           application/x-font-opentype
           application/vnd.ms-fontobject
           image/svg+xml
           image/x-icon
           application/atom_xml;

gzip_buffers 16 8k;

add_header X-Frame-Options SAMEORIGIN;

ssl_prefer_server_ciphers  on;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;

include "/opt/bitnami/nginx/conf/bitnami/bitnami.conf";

}

Hi @vishanthvv,

Did you restart Nginx?

sudo /opt/bitnami/ctlscript.sh restart nginx

We have a Support Tool that will gather relevant information for us to analyze your configuration and logs. Could you please execute it on the machine where the stack is running by following the steps described in the guide below?

How to Run the Bitnami Support Tool in a cloud image or virtual machine

Please note that you need to paste the code ID that is shown at the end.

Regards,
Michiel

The support bundle file was successfully created, but the automatic upload to Bitnami servers failed. You will need to upload it to your Bitnami Support ticket manually. Please locate the following file in your file browser or in your terminal: /tmp/bitnami-wordpresspro-info-20210516-130318-30806.zip Exercise caution when uploading the resulting support bundle to public sites as it contains detailed diagnostic information.
Unable to upload automatically.
Could you please help me to upload manually

Hi @vishanthvv,

You can download it using an SFTP application like Filezilla. Then you can upload it to a file sharing service like Google drive, and share the link with me through my email. (I’ve sent you my email address in a private message)

https://docs.bitnami.com/aws/faq/administration/upload-files/

Regards,
Michiel

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.