Koozali.org formerly Contribs.org

Whats the TLS version on my server?

Offline ber

  • ****
  • 234
Whats the TLS version on my server?
« on: December 11, 2018, 08:13:29 AM »
Hi Ive got a Linux SME 9 on a site. Running as a server/gateway.

Recently I had to replace a workstation which has some medical appointment notification software installed.
After replacing the PC and reinstalling the software we had issues with the notification software. The software connects to a remote server issuing notifications to clients by SMS for upcoming appointments.
Essentially the software needs to connect to the offsite remote server to authenticate its license. the software cannot be installed because its not able to connect to the remote server.
Its not able to do so and the Vendor suspects the Linux SME server/Firewall.

They advised that the software runs on TLS security protocol version 1 and 1.2.

How do I confirm whether these protocols are supported by the server?
Are there logs to verify that the firewall is blocking any attempts by the software to connect to the remote server?
Can any shine any light to eliminate the issue with the server.
The software worked on previous PC without any problems and there has been no changes to the server since the PC was replaced.
I can advise that some years ago with the same issue and some smart guru was able to get the software going but am not certain exactly what he did or where he is??

kind Regards

Offline ReetP

  • *
  • 1,866
Re: Whats the TLS version on my server?
« Reply #1 on: December 11, 2018, 10:16:25 AM »
Assuming you aren't using a proxy on SME then it shoukd make no difference what version of TLS it runs. It is just passing packets back and forth.

There's a possibility your firewall is blocking something.

Look.at /var/log/iptables

Do you have fail2ban installed?

Does the far end try and check your server somehow?
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline mmccarn

  • *
  • 2,372
Re: Whats the TLS version on my server?
« Reply #2 on: December 11, 2018, 12:04:11 PM »
The transparent proxy is still enabled by default, since the template code reads

Quote from: /etc/e-smith/templates/etc/rc.d/init.d/masq/35transproxy
...
    my $transproxy = $squid{Transparent} || "yes";
...

To disable the transparent proxy:
- Login to server-manager
- Select 'Proxy Settings" under Security
- Set "Http proxy status" to 'disabled'
- Click "Save"

Once the equipment is licensed, you can turn the proxy back on.

If the medical equipment needs the proxy disabled but you want the proxy enabled for normal web browsers, you'll need to look at https://wiki.contribs.org/Firewall#Bypass_Proxy

Be aware that the "Bypass_Proxy" section of the firewall page was written 10 years ago.  The procedure should be safe, but may not work flawlessly...