Юрий Коренюк написал: отключить устаревшие версии TLS 1.0 и 1.1
зачем вам лишать доступа к сайту со старых устройств? а если все-таки хотите, смотрите файлы /etc/nginx/bx/conf/ssl.conf /etc/nginx/bx/conf/ssl_options.conf директиву ssl_protocols а после ее изменения, перезапускайте nginx
"The conditional check 'common_manage == 'update_packages'' failed. The error was: cannot import name shlex_quote\n\nThe error appears
to have been in '/etc/ansible/roles/common/tasks/update_packages.yml': line 3, column 3, but may\nbe elsewhere in the file depending on the exact
syntax problem.\n\nThe offending line appears to be:\n\n# configure oldkernel limits\n- name: get server options\n ^ here\n" }
fatal: [server1]: FAILED! => { "failed" : true , "msg" : "The conditional check 'common_manage == 'update_packages'' failed.
The error was: cannot import name shlex_quote\n\nThe error appears to have been in '/etc/ansible/roles/common/tasks/update_packages.yml': line 3, column 3,
but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n# configure oldkernel limits\n-
name: get server options\n ^ here\n" }to retry, use : -- limit @/ etc / ansible / common . retry
Коллеги, приветствую!
Такая же ошибка возникла при обновлении BitrixVM до 7.5.0. При выборе варианта обновлений (bitrix / all) указывал bitrix.
Коллеги, пересобрали и выпустили в релиз обновление пакета bx-nginx. Изменения небольшие: - nginx версия увеличена до 1.20.2 - в сборке openssl обновлен до 1.1.1m - в сборке mod_zip обновлен до 1.2.0 rpm пакет доступен в стабильном и бета репозиториях. Можно обновляться.
написал: а как openssl 1.1.1m активировать? в VMBitrix 7.5.2-бета?после обновления сервера и перезагрузки все равно
Никак. Версия openssl привязана к операционной системе, обновить её нельзя. Компоненты ОС используют эту версию, при смене могут отвалиться. Можно поставить рядом 1.1.1 и вызывать отдельно, пример:
Код
[neo@zion ~]# yum install openssl11
Loaded plugins: etckeeper, fastestmirror, merge-conf
Loading mirror speeds from cached hostfile
* base: mirror.yandex.ru
* epel: mirror.nsc.liu.se
* extras: mirrors.datahouse.ru
* remi: fr2.rpmfind.net
* remi-php81: fr2.rpmfind.net
* remi-safe: fr2.rpmfind.net
* updates: mirrors.datahouse.ru
Resolving Dependencies
--> Running transaction check
---> Package openssl11.x86_64 1:1.1.1k-6.el7 will be installed
--> Processing Dependency: openssl11-libs(x86-64) = 1:1.1.1k-6.el7 for package: 1:openssl11-1.1.1k-6.el7.x86_64
--> Processing Dependency: libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) for package: 1:openssl11-1.1.1k-6.el7.x86_64
--> Processing Dependency: libcrypto.so.1.1(OPENSSL_1_1_1)(64bit) for package: 1:openssl11-1.1.1k-6.el7.x86_64
--> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_0)(64bit) for package: 1:openssl11-1.1.1k-6.el7.x86_64
--> Processing Dependency: libssl.so.1.1(OPENSSL_1_1_1)(64bit) for package: 1:openssl11-1.1.1k-6.el7.x86_64
--> Processing Dependency: libcrypto.so.1.1()(64bit) for package: 1:openssl11-1.1.1k-6.el7.x86_64
--> Processing Dependency: libssl.so.1.1()(64bit) for package: 1:openssl11-1.1.1k-6.el7.x86_64
--> Running transaction check
---> Package openssl11-libs.x86_64 1:1.1.1k-6.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================================================================================================
Installing:
openssl11 x86_64 1:1.1.1k-6.el7 epel 693 k
Installing for dependencies:
openssl11-libs x86_64 1:1.1.1k-6.el7 epel 1.5 M
Transaction Summary
================================================================================================================================================================================================================
Install 1 Package (+1 Dependent package)
Total download size: 2.1 M
Installed size: 4.6 M
Is this ok [y/d/N]: y
Downloading packages:
(1/2): openssl11-libs-1.1.1k-6.el7.x86_64.rpm | 1.5 MB 00:00:00
(2/2): openssl11-1.1.1k-6.el7.x86_64.rpm | 693 kB 00:00:01
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.6 MB/s | 2.1 MB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
etckeeper: pre transaction commit
Installing : 1:openssl11-libs-1.1.1k-6.el7.x86_64 1/2
Installing : 1:openssl11-1.1.1k-6.el7.x86_64 2/2
etckeeper: post transaction commit
Verifying : 1:openssl11-libs-1.1.1k-6.el7.x86_64 1/2
Verifying : 1:openssl11-1.1.1k-6.el7.x86_64 2/2
Installed:
openssl11.x86_64 1:1.1.1k-6.el7
Dependency Installed:
openssl11-libs.x86_64 1:1.1.1k-6.el7
Complete!
[neo@zion ~]# openssl11 version -a
OpenSSL 1.1.1k FIPS 25 Mar 2021
built on: Sat Nov 25 19:50:12 2023 UTC
platform: linux-x86_64
options: bn(64,64) md2(char) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -Wa,--generate-missing-build-notes=yes -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG -DPURIFY -DDEVRANDOM="\"/dev/urandom\""
OPENSSLDIR: "/etc/pki/tls"
ENGINESDIR: "/usr/lib64/engines-1.1"
Seeding source: os-specific
engines: dynamic