TLS v1.3: Unterschied zwischen den Versionen
Aus QBWiki
Zur Navigation springenZur Suche springen
Pascal (Diskussion | Beiträge) |
Pascal (Diskussion | Beiträge) |
||
| (Eine dazwischenliegende Version desselben Benutzers wird nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
| + | === Install TLSv1.3 CentOS 7=== | ||
| + | {{#css: | ||
| + | |||
| + | }} | ||
| + | |||
| + | |||
| + | ===Benötigte Pakete=== | ||
| + | |||
| + | *'''Nginx''' >= 1.14.0 | ||
| + | **http://nginx.org/download/nginx-1.15.8.tar.gz | ||
| + | *'''OpenSSL''' >= 1.1.1 | ||
| + | **https://www.openssl.org/source/openssl-1.1.1a.tar.gz | ||
| + | *'''PCRE''' >= 8.4.2 | ||
| + | **https://ftp.pcre.org/pub/pcre/pcre-8.42.zip | ||
| + | *'''zlib''' >= 1.11.2 | ||
| + | **https://www.zlib.net/zlib-1.2.11.tar.gz | ||
| + | *'''kernel (lt/ml)''' >= 4.13 | ||
| + | **[[CentOS 7 - Aktueller Kernel]] | ||
| + | |||
| + | <syntaxhighlight lang="bash"> | ||
| + | nginx='http://nginx.org/download/nginx-1.15.8.tar.gz' | ||
| + | pcre='https://ftp.pcre.org/pub/pcre/pcre-8.42.zip' | ||
| + | zlib='https://www.zlib.net/zlib-1.2.11.tar.gz' | ||
| + | openssl='https://www.openssl.org/source/openssl-1.1.1a.tar.gz' | ||
| + | |||
| + | mkdir -p /opt/archives && cd $_ | ||
| + | for i in "$nginx" "$pcre" "$zlib" "$openssl"; do | ||
| + | if [[ $i =~ zip$ ]] ; then | ||
| + | unzip "$i" | ||
| + | fi | ||
| + | |||
| + | if [[ $i =~ tar.gz$ ]] ; then | ||
| + | tar xzvf "$i" | ||
| + | fi | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | |||
| + | |||
| + | |||
=== Enable TLS v1.3 in all browsers === | === Enable TLS v1.3 in all browsers === | ||
| Zeile 28: | Zeile 67: | ||
* Launch Terminal and issue following command: <code>'''sudo defaults write /Library/Preferences/com.apple.networkd tcp_connect_enable_tls13 1'''</code> | * Launch Terminal and issue following command: <code>'''sudo defaults write /Library/Preferences/com.apple.networkd tcp_connect_enable_tls13 1'''</code> | ||
* and relaunch Safari. | * and relaunch Safari. | ||
| + | |||
| + | |||
| + | === Information === | ||
| + | |||
| + | ===== Cipher Suites: ===== | ||
| + | |||
| + | TLS_AES_256_GCM_SHA384 | ||
| + | TLS_CHACHA20_POLY1305_SHA256 | ||
| + | TLS_AES_128_GCM_SHA256 | ||
| + | TLS_AES_128_CCM_8_SHA256 | ||
| + | TLS_AES_128_CCM_SHA256 | ||
Aktuelle Version vom 2. Juli 2019, 10:31 Uhr
Inhaltsverzeichnis
Install TLSv1.3 CentOS 7
Benötigte Pakete
- Nginx >= 1.14.0
- OpenSSL >= 1.1.1
- PCRE >= 8.4.2
- zlib >= 1.11.2
- kernel (lt/ml) >= 4.13
nginx='http://nginx.org/download/nginx-1.15.8.tar.gz'
pcre='https://ftp.pcre.org/pub/pcre/pcre-8.42.zip'
zlib='https://www.zlib.net/zlib-1.2.11.tar.gz'
openssl='https://www.openssl.org/source/openssl-1.1.1a.tar.gz'
mkdir -p /opt/archives && cd $_
for i in "$nginx" "$pcre" "$zlib" "$openssl"; do
if [[ $i =~ zip$ ]] ; then
unzip "$i"
fi
if [[ $i =~ tar.gz$ ]] ; then
tar xzvf "$i"
fi
Enable TLS v1.3 in all browsers
Google Chrome (version: 63+ ):
- Launch Chrome
- Type in the address bar:
chrome://flags/#tls13-variant - Check for Enabled (Final)
Opera:
- Launch Opera
- Type in the address bar:
opera://flags/#tls13-variant - Check for Enabled (Final)
Firefox (version: 61 +):
- Launch Firefox
- Type in the address bar:
about:config, search for:tls.version.maxand ensure the value is set to 4.
Safari:
- Launch Terminal and issue following command:
sudo defaults write /Library/Preferences/com.apple.networkd tcp_connect_enable_tls13 1 - and relaunch Safari.
Information
Cipher Suites:
TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_SHA256
