Hey guys using Fleet 3 5 1 and testing with the `openssl`com

Question

Hey guys using Fleet 3 5 1 and testing with the `openssl`command `s client tls1 connect foo bar 443` shows successful negotiation with TLS 1 0 also 1 1 seems to work Is there any way to force Fleet to only accept TLS 1 2 or TLS1 3 connections from agents

zwass · Answer

That is not intended It s configurable via <https github com fleetdm fleet blob master docs 2 Deployment 2 Configuration md server tls compatibility> but neither of those options should allow 1 0 and 1 1 I ll have a look at this

zwass · Answer

I m not able to reproduce this I get error 70 protocol not supported when I try with TLS 1 0 or 1 1 Is this a misconfiguration in your load balancer or something else terminating TLS

zwass · Answer

I do notice that Mozilla s tls compatibility page has been updated since we set this so I will go ahead and update to the new recommendations If you are setting `intermediate` as the profile value that does currently allow 1 0 and 1 1

Adam · Answer

yep seems were are running as `intermediate` so I ll take that back for an internal discussion Thanks for the response

zwass · Answer

I just pushed <https github com fleetdm fleet pull 212> so it will be udpated in 3 7 0 either way

Adam · Answer

+1