xrdp: deprecate TLSv1 and TLSv1.1

Most websites disabled TLSv1 (1.0) and TLSv1.1 since March 2018
[1][2][3]. It is HTTPS context but there's few differences between HTTPS
and other TLS connections. Users can whenever re-enable these deprecated
TLS versions by editing xrdp.ini but not enabled by default.

[1] https://www.globalsign.com/en/blog/disable-tls-10-and-all-ssl-versions/
[2] https://www.thesslstore.com/blog/deprecation-tls-1-0-1-1-underway/
[3] https://www.digicert.com/blog/depreciating-tls-1-0-and-1-1/
master
Koichiro IWAO 6 years ago
parent 1ad8cbb2a0
commit 171f8e79ed
No known key found for this signature in database
GPG Key ID: 9F72CDBC01BF10EB

@ -29,7 +29,7 @@ certificate=
key_file=
; set SSL protocols
; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
ssl_protocols=TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
ssl_protocols=TLSv1.2, TLSv1.3
; set TLS cipher suites
#tls_ciphers=HIGH

Loading…
Cancel
Save