Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to disable SSLv3.0 and use TLS1.0 in Gunicorn

Tags:

ssl

gunicorn

I am running Django 1.7 with gunicorn. I am able to use https using gunicorn by passing certificate and key file as parameter.

When I validate my server by geotrust ssl tools, it says everything is fine except -

This server may be vulnerable: SSLv3 is enabled
Disable SSLv3 and use TLS 1.0 or higher.

I am new to this and not able to understand how to do this. Is this is related to machine or this is related to gunicorn?

like image 952
anuragal Avatar asked May 15 '15 12:05

anuragal


1 Answers

gunicorn --ssl-version TLSv1_2 -b 0.0.0.0:8000 project:app

This should enable TLSV1.2 in 8000 port. you can also check if TLSV1 is still active by running below command. if connection established, then target uses tlsv1

openssl s_client -connect hostname:port -tls1

You can also check for tlsv1.2: openssl s_client -connect hostname:port -tls1_2

like image 109
rkbala Avatar answered Oct 02 '22 04:10

rkbala