RSS Feed unable to be pulled from site that had SSLv2, v3, and TLSv1.0 disabled

0
votes

Recently, we changed our website's SSL protocols to disable SSLv2, v3, and TLSv1.0 - leaving TLS v1.1 and v1.2 enabled.

We noticed that another one of our sides who gets the RSS feed of the said site now has troubles trying to pull the RSS feed from the first site. Before the change, the RSS feeds were working 100% fine.

Is there any reason RSS feeds would stop getting pulled due to the disabled old SSL protocols? I'm not sure why this would happen as I'm not aware of any incompatibility with RSS feeds and the newer TLS protocols.

Our workaround will be to serve the rss feed without SSL, but I'm hoping there's a way we can solve and understand this problem.

The rough set up is :

User => Reverse Proxy => Public Website w/ RSS Feed

Staff => Intranet <=/= Pull Public Website RSS feed

1
sslnginxrsstls1.2

1 Answers

0
votes

The SSL/TLS part of the HTTPS client you use to pull the RSS feed has no support or is configured to not support these newer protocols. It was relying on being able to use those older protocols. The problem is not specific to RSS. To fix this find this client (in the code generating the output of your website, that which is running behind your reverse proxy) and fix its configuration or upgrade it or replace it with one that does support the newer protocols. Try if the code still fails with a current version of your software stack. Older versions of HTTPS clients didn't support those protocols yet. If that doesn't help and it is not obvious why the code does not work with the newer protocols extract an example from it and possibly ask a new question with that.