I’ve received a message from Amazon telling me that they’re getting TLS 1.0 and 1.1 connection requests to my account:
“We have identified TLS 1.0 or TLS 1.1 connections to AWS APIs from your account that must be updated for you to maintain AWS connectivity. Please update your client software as soon as possible to use TLS 1.2 or higher to avoid an availability impact. We recommend considering the time needed to verify your changes in a staging environment before introducing them into production.”
But everywhere I look in my server config, I have TLS 1.0 and 1.1 disabled. I have many sites on that server, not so many have SSL enabled, I’ve checked them all, and only TLS 1.2 is enabled.
Is there somewhere to do this at the admin level for all sites?
Thanks for the answer. I use “config” generally, I pretty much looked everywhere in Webmin, and at the SSL Options page for the web sites I have set up on the server in Virtualmin. At first I assumed Amazon was referring to configuration that corresponds to this page in Virtualmin, at:
Apache is not talking to AWS. So, you’re looking in the wrong place.
Nothing Virtualmin manages is talking to anything in AWS, unless you are backing up to S3 buckets, in which case, Virtualmin is using whatever version of awscli is installed on your system, which may or may not be using outdated protocols (but probably not). Or, if you are using Virtualmin to manage Route 53 DNS records, that would also be Virtualmin talking to AWS APIs. But, you didn’t mention either of those, so…I dunno.
That error means something is communicating with AWS APIs, which probably has nothing to do with Virtualmin, and may not have anything to do with your EC2 instances (probably doesn’t). What other apps do you have that are using AWS?
But, it definitely has nothing to do with Apache configuration.
Yup. That was my next question. Remember that I presumed this solution for this topic was changing a setting somewhere.
But the old version - not only an EOL release but an installation that can’t update! I have a number of updates pending in Webmin, that get an error when I try to do so. For example:
Err:1 Index of /infra/ubuntu/ bionic-infra-security/main amd64 imagemagick-6-common all 8:188.8.131.52+dfsg-16ubuntu6.15+esm1
401 Unauthorized [IP: xxx.xxx.xxx.xx 443]
For EACH package that needs updating. I don’t think this is technically an EOL issue since Webmin really seems to think there’s packages to update. It’s seeing them somewhere. 401 Unauthorized indicates a permission issue somewhere.