How do I disable TLS 1.0 and 1.1 on Shiny server pro

shiny-server

#1

...

I have a shiny server running and configured so that users can connect to it via https; to do this I followed the guide at: https://support.rstudio.com/hc/en-us/articles/218554798-Shiny-Server-Quick-Start-Host-a-secure-Shiny-Server-Pro-only-

Everything seems fine, but now I want to disable TLS 1.0 and 1.1; I've found a number of posts online that suggest adding a line like the following to my /etc/shiny-server/shiny-server.conf

 ssl_protocols TLSv1.2;

But after adding it, the shiny server fails to launch; shiny.log gives the error:

 Error loading config: Unknown directive "ssl_protocols" (/etc/shiny-server/shiny-server.conf:16:3)

Great; apparently, ssl_protocols isn't the correct directive (seems to be more of an nginx directive), so how do I disable the older TLS protocols?


#2

Hi, unfortunately there isn't a way to control SSL settings like this directly with Shiny Server Pro.

I think you're right, the posts you found were talking about running Shiny Server "behind" nginx, which is a fine way to do it. It's definitely the direction I recommend going if you want this degree of control over SSL settings.

There's a good RStudio support article about it that I recommend: https://support.rstudio.com/hc/en-us/articles/213733868-Running-Shiny-Server-with-a-Proxy


#3

FYI, we're going to add the ability to disable TLS 1.0 and/or 1.1 in the next version of Shiny Server Pro (1.5.8, expected to ship in late August). Thanks for the feedback.


#4

Thats awesome. Thank you.

-mtie