xrdp: deprecate TLSv1 and TLSv1.1

Most websites disabled TLSv1 (1.0) and TLSv1.1 since March 2018 [1][2][3]. It is HTTPS context but there's few differences between HTTPS and other TLS connections. Users can whenever re-enable these deprecated TLS versions by editing xrdp.ini but not enabled by default. [1] https://www.globalsign.com/en/blog/disable-tls-10-and-all-ssl-versions/ [2] https://www.thesslstore.com/blog/deprecation-tls-1-0-1-1-underway/ [3] https://www.digicert.com/blog/depreciating-tls-1-0-and-1-1/
author: Koichiro IWAO <meta@vmeta.jp> 2018-09-14 00:41:09 +0900
committer: Koichiro IWAO <meta@vmeta.jp> 2018-09-14 11:50:55 +0900
commit: 171f8e79ed76113bdfb8fa6d89822647ab31b297 (patch)
tree: 62e2ed4647679bf67c86169618bede3e2a0bd645 /xrdp
parent: 1ad8cbb2a0f8e54e518dcda4bcfe43db90488964 (diff)
download: xrdp-proprietary-171f8e79ed76113bdfb8fa6d89822647ab31b297.tar.gz
xrdp-proprietary-171f8e79ed76113bdfb8fa6d89822647ab31b297.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/xrdp/xrdp.ini.in b/xrdp/xrdp.ini.in
index 97fc81f9..76da53b5 100644
--- a/xrdp/xrdp.ini.in
+++ b/xrdp/xrdp.ini.in
@@ -29,7 +29,7 @@ certificate=
 key_file=
 ; set SSL protocols
 ; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
-ssl_protocols=TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
+ssl_protocols=TLSv1.2, TLSv1.3
 ; set TLS cipher suites
 #tls_ciphers=HIGH
author	Koichiro IWAO <meta@vmeta.jp>	2018-09-14 00:41:09 +0900
committer	Koichiro IWAO <meta@vmeta.jp>	2018-09-14 11:50:55 +0900
commit	171f8e79ed76113bdfb8fa6d89822647ab31b297 (patch)
tree	62e2ed4647679bf67c86169618bede3e2a0bd645 /xrdp
parent	1ad8cbb2a0f8e54e518dcda4bcfe43db90488964 (diff)
download	xrdp-proprietary-171f8e79ed76113bdfb8fa6d89822647ab31b297.tar.gz xrdp-proprietary-171f8e79ed76113bdfb8fa6d89822647ab31b297.zip