Hello!
I can’t seem to find network security commands for the Nextcloud snap. We have a security scanning tool at work that complain about certain things about ciphers and other stuff.
I’m not allowed editing the config files in this directory: (error writing ssl.conf: Read-only file system) /snap/nextcloud/current/conf/ssl.conf
There is a service called “nextcloud.apache” but that seems to have no configuration abilities.
I want to disable a specific ciphers and also TLS 1.0 and 1.1.
Security tool message:
DHE’ cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Background info:
Impact:
This vulnerability allows remote attackers (from the client side)
to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE
modular-exponentiation calculations, also known as a D(HE)ater attack.
How can I solve this? Thanks