Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Mojolicious(hypnotoad) - enforce TLS v1.2

How to enforce Mojolicious(hypnotoad) app to use TLS v1.2?

mojo version output:

CORE
  Perl        (v5.16.3, linux)
  Mojolicious (8.0, Supervillain)

OPTIONAL
  Cpanel::JSON::XS 4.04+  (n/a)
  EV 4.0+                 (4.22)
  IO::Socket::Socks 0.64+ (n/a)
  IO::Socket::SSL 2.009+  (2.060)
  Net::DNS::Native 0.15+  (n/a)
  Role::Tiny 2.000001+    (2.000005)

hypnotoad conf:

{
     hypnotoad => {
         listen => ['https://myserver.domain.com:xxxx?cert=/path/to/cert/file.cer&key=/path/to/key/file.key'],
     }
}

This is how I start hypnotoad:

hypnotoad -f script/apps

I have updated the IO::Socket::SSL module as suggested somewhere. It din't work.

Much appreciate any guidance.

like image 643
Sachin Dangol Avatar asked May 28 '19 10:05

Sachin Dangol


1 Answers

Configure version with value TLSv1_2, e.g. in my_app.conf

{
    secrets => ['………'],
    hypnotoad => {
        listen  => ['https://localhost:8443?cert=server_cert.pem&key=server_key.pem&version=TLSv1_2'],
    }
}

Test with curl -k -v https://localhost:8443. Daemon will serve 1.3 by default, but use 1.2 when forced to do so.

like image 100
daxim Avatar answered Sep 17 '22 16:09

daxim