Enabling TLS 1.0 on Dokku - docker

I'm running a rest api on Dokku platform. Recently I discovered that Android <5 doesn't support tls 1.1 and 1.2, so I was wondering if I could enable 1.0 on my host (default cert enabled only 1.2).

You'll need to get a certificate from an authority that supports lower than TLS 1.2, though I believe that is a requirement for GDPR.

Related

ASP.net MVC 5 TLS 1.2 (chrome warning about TLS 1.0 deprecated)

after deploying an asp.net mvc5 website to a shared hosting (plesk panel) with let's encrypt ssl I see this warning in the chrome console:
The connection used to load resources from https://example.com used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented from loading these resources. The server should enable TLS 1.2 or later. See https://www.chromestatus.com/feature/5654791610957824 for more information.
is this something that can be fixed in the code of the application, or is it server configuration ?
Copied from comment with some additional info.
The message from Chrome is clear enough,
Chrome attempts to use TLS 1.2 for security (TLS 1.0 and 1.1 are not considered secure).
The server side does not support TLS 1.2 handshakes as Chrome detects.
Therefore, only the server administrators (or service providers ISP) can diagnose and fix such issues.

Trusted Certificate fails after upgrade from 4.6.1 to 4.7.2

After upgrading a service written in F# from 4.6.1 to 4.7.2 i startet getting a classic SSL/TLS error "The request was aborted: Could not create SSL/TLS secure channel".
TLS 1.2 is enabled on all servers.
I verified with Fiddler that the old version and the new version of the application both uses TLS 1.2 as they should and have done for a long time.
The requests appears to be identical.
The service runs as a Network Service, however i get the same error if i run it as admin.
The certificate is selfsigned and placed in Trusted Root Certification Auth.
The certificate is only used to internal https between our services.
If I add the certificate to Personal certificates in certmgr the error disappears and the service works!
From my view it is as if after upgrading to 4.7.2 the Trusted Ca certificates are "ignored".
Adding the certificate to Personal when its placed in Trusted Certificates is not a solution.
I havent been able to identify the change which somehow must have been introduced in 4.7.2.
What am i missing?

Is it compulsory to setup Application Center with SSL cert when downloading iOS app?

Question:
Is it compulsory to setup Application Center with SSL cert (e.g. startssl.com) when downloading iOS app?
What have I tried:
1st Try:
1) I didn't configure SSL cert and try to download the ios app using http and https link. (http://xxx.xxx.xxx.xxx:9080/applicationcenter/installers.html and https://xxx.xxx.xxx.xxx:9443/applicationcenter/installers.html)
2) Major setting in mfp server.xml,
<featureManager>
<feature>ssl-1.0</feature>
</featureManager>
<httpEndpoint id="defaultHttpEndpoint” host="*" httpPort="9080” httpsPort="9443" >
<keyStore id="defaultKeyStore" password="worklight" />
Result/Issue
Http:
Https:
2nd Try:
1) Import .p12 generated in startssl.com
2) And follow this guide to setup the necessary configuration: http://www.ibm.com/support/knowledgecenter/en/SSHS8R_7.1.0/com.ibm.worklight.installconfig.doc/appcenter/t_ac_ssl_lib.html
Result/Issue
Couldn't connect to the https server after configuring server.xml and restarting the mfp server
For iOS, TLS 1.2 is required on the server, yes.
See here: http://www.ibm.com/support/knowledgecenter/SSHS8R_7.1.0/com.ibm.worklight.installconfig.doc/appcenter/c_ac_ssl_config.html
You can configure the Application Center with SSL or without SSL, unless you intend to install applications on iOS devices. For iOS applications, you must configure the Application Center server with SSL and enable the TLS v1.2 protocol.

SSL SNI support on iOS by default also in older versions?

I have an app that connects to Apache server with SNI enabled to support several Virtualhosts
In iOS 7.1.1 and older iOs versions the connection fails with this visible error in Apache (when in debug mode):
Apache-Error: [file "ssl_engine_kernel.c"] [line 512] [level 7] Changed client verification type will force renegotiation
Apache-Error: [file "/builddir/build/BUILD/httpd-2.2.15/modules/ssl/ssl_engine_kernel.c"] [line 542] [level 6] Non-default virtual host with SSLVerify set to 'require' and VirtualHost-specific CA certificate list is only available to clients with TLS server name indication (SNI) support
it works instead when SNI is disabled in Apache, the correct virtualhost is the default or iOS version >= 8 is used.
The question is: Is in iOS SNI ON by default? It looks like yes on iOS >= 8.0 and no in <8.
If it is not on by default in old iOS versions (is what looks like), anyone knows how to force SNI sending?
Thanks in advance

DataSnap standalone HTTPS server (EXE) - OpenSSL support for TLS v1.2

I have a standalone (EXE) DataSnap server written in Delphi XE6 which I've secured with an SSL certificate using the OpenSSL DLLs. When I test the connection to the server I can see that it supports TLS v1.0. I now need to ensure the server can support TLS v1.2 (e.g. to support connections from iOS9 apps). However I can't see how to enable this. I've made the Windows registry changes to the (Windows 2008R2) server to enable TLS v1.2 but I guess this only affects IIS apps.
Can anybody show me how to enable TLS v1.2 within the Windows OpenSSL DLLs? I'm using version 1.0.2d of the DLLs. Or is there something within the DataSnap server component properties that needs to be changed?

Resources