Disabling TLS 1.0 / 1.1

Warning:

Local installations of Flow Production Tracking are no longer offered. This documentation is intended only for those with existing instances of Shotgun Enterprise Docker. Click here for a list of our current offerings.

Introduction

Transport Layer Security (TLS) versions 1.0 and 1.1 are widely considered a security risk, and a majority of vendors have deprecated their use. To protect your Flow Production Tracking Enterprise site, we strongly recommend disabling insecure versions of TLS / SSL and their associated ciphers.

Procedure

  1. We recommend using Mozilla's SSL Configuration Generator with the following options to generate a valid configuration for your deployment when using our included proxy example:

    1. HAProxy

    2. Modern

    3. Server Version: Run the following on the Docker host to find this:

       sudo docker-compose exec proxy haproxy -v

    4. OpenSSL version: Run the following on the Docker host to find this:

       sudo docker-compose exec proxy ash -c 'haproxy -vv | grep "Running on OpenSSL version"'

    5. HSTS Enabled: Disabled

  2. Back up proxy/config/haproxy.cfg on the Docker host

  3. Modify the global section of proxy/config/haproxy.cfg using the values provided by the generator

  4. Restart the proxy service by running:

     sudo docker-compose restart proxy

  5. Verify that you can connect to your Flow Production Tracking site
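
To confirm the edit from step 3 before relying on it, the script below (an added example, not part of the original documentation or the vendor's tooling) reads the global section of an haproxy.cfg and reports whether TLS 1.0 and 1.1 are disabled, either through HAProxy's ssl-min-ver keyword or through the no-tlsv10 / no-tlsv11 pair. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the global section of an haproxy.cfg for its TLS floor.

# Print each ssl-default-bind-options token of the global section, one per line.
global_bind_opts() {
    awk '
        $1 ~ /^(global|defaults|frontend|backend|listen|userlist|peers|resolvers)$/ {
            in_global = ($1 == "global"); next
        }
        in_global && $1 == "ssl-default-bind-options" {
            for (i = 2; i <= NF && $i !~ /^#/; i++) print $i
        }
    ' "$1"
}

# Return 0 only when the global defaults refuse both TLS 1.0 and TLS 1.1.
tls_floor_ok() {
    opts=$(global_bind_opts "$1")
    # Form 1: an explicit minimum version.
    min=$(printf '%s\n' "$opts" | awk 'prev == "ssl-min-ver" { print; exit } { prev = $0 }')
    case "$min" in
        TLSv1.2|TLSv1.3) return 0 ;;
        "") ;;          # no ssl-min-ver given, fall through to form 2
        *) return 1 ;;  # floor explicitly set below TLS 1.2
    esac
    # Form 2: each legacy version switched off individually.
    printf '%s\n' "$opts" | grep -qx 'no-tlsv10' &&
        printf '%s\n' "$opts" | grep -qx 'no-tlsv11'
}

# Constructed sample configs, not taken from a real deployment.
tmp=$(mktemp -d)
cat > "$tmp/weak.cfg" <<'EOF'
global
    ssl-default-bind-options no-sslv3 no-tls-tickets
defaults
    mode http
EOF
cat > "$tmp/legacy_off.cfg" <<'EOF'
global
    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
EOF
cat > "$tmp/modern.cfg" <<'EOF'
global
    ssl-default-bind-options ssl-min-ver TLSv1.3 no-tls-tickets  # floor
EOF
for f in "$tmp"/*.cfg; do
    if tls_floor_ok "$f"; then echo "PASS $f"; else echo "FAIL $f"; fi
done
```

On the Docker host, call tls_floor_ok proxy/config/haproxy.cfg after step 3. The check covers the global defaults only, so review any bind lines that set their own TLS options separately.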
