Disable unsecure TLS and SSL

TLS versions 1.0/1.1 and SSL 2/3 are known to be not secure. These should be disabled for your home servers.

This seems to be fixed in Raspberry Pi OS. Run the command:

$ cat /etc/ssl/openssl.cnf

[system_default_sect]

MinProtocol = TLSv1.2

CipherString = DEFAULT@SECLEVEL=2

Show available TLS and SSL versions

From a terminal window, run the raspbian command to show available OpenSSL TLS and SSL versions:

$ openssl ciphers -v | awk '{print $2}' | sort | uniq

If your server is accessible from the web, then on the Raspberry Pi run:

https://www.ssllabs.com/ssltest/analyze.html?d=♣dynamic-dns-name♣.duckdns.org

or

www.immuniweb.com

References:

How to enable or disable TLSv1.0, TLSv1.1, SSLv2 or SSLv3 by GlobalSign

CVE entries related to TLS - standard place to look up security violations

KeyCDN: OpenSSL tutorial. SSL is obsolete and is replaced by TLS. Do not use ssl or tls1.0 or tls1.1. You should use TLS1.2 or later

Mozilla SSL Generator