InterWorx Version 5.1.0 Released!

Well you actually can do this but it will take a while before your RC install will receive updates from Stable or Release. But after a month or two you probably will have a “Release” or “Stable” system.

EDIT:
Well just checked a CentOS 5 system using the “Release” repo and a CentOS 7 system using the “RC” repo and the version difference between the two is 5.1.2-1012 for the “Release” and 5.1.2-1016 for the “RC” and the difference in release date is 6 days, so I guess it will take a few weeks and not a few months.

[QUOTE=IWorx-Paul;27880]* Simplified customization of SSLCipherSuite and SSLProtocol settings for services, and removal of the less-secure SSLv3 protocol option by default.

Paul[/QUOTE]
Paul,

Does this mean that the SSLCipherSuite and SSLProtocol settings can be customized from the control panel? I am unable to find anything like this in the CP (upgraded already, of course). I frequently have to manually edit the SSL configuration for many sites, because PCI Compliance vulnerability scanners will fail compliance over not using (very current) SSL “best practices.” Do I still have to edit all the SSL configs manually, in InterWorx’s Apache config, the VirtualHosts, qmail, and proftp? Perhaps there is an edit field on the NodeWorx level that can bring all services and SiteWorx accounts in step with a new SSL config in one step?

Hi jimp

Yes, you can set different ciphers for different services.

If you need to make a deeper change, such as strict SSL then you will still need to manual adjust

Here’s my post to show where you find edit the ciphers

Many thanks

John

http://forums.interworx.com/showpost.php?p=27901

It would be a great feature to edit the vhost files easier. For example, editing headers, protocol. Enable forward secrecy, public key pinning, OCSP stapling, HSTH, etc… Maybe Let’s Encrypt support.

[QUOTE=d2d4j;28040]Hi jimp

Yes, you can set different ciphers for different services.

If you need to make a deeper change, such as strict SSL then you will still need to manual adjust

Here’s my post to show where you find edit the ciphers

Many thanks

John

http://forums.interworx.com/showpost.php?p=27901[/QUOTE]
That worked, thank you. It appears to have removed SSLCipherSuite from all vhost files and defined it once in ssl.conf, effectively applying to all SiteWorx accounts that use SSL.

So where is the similar field for SSLProtocol? The release notes cite that option too.

Hi jimp

Good point, I missed that sorry

To be honest though, with the ending of SSL, the only protocols which should be used are TLS v1.0, 1.1 and 1.2, with PCI dss only using TLS v1.1 or 1.2, so I’m thinking this might why IW did not include it, as ciphers should dictate the protocol to a high degree

I’ll email this to IW tommorow when I’m back though, showing your post so you have credit for it, as it would be lovely to have this input option

Many thanks

John