Configure Security

From the Admin menu, you can configure security by selecting User Security from under the Security section.
Option Description
Session timeout Log out users after this many minutes of inactivity (1-480 minutes).
Require strong passwords Require passwords to be at least 8 characters and contain at least one uppercase letter, lowercase letter, number, and symbol.
Password expiration interval Number of days before a user must change the password (1-720 or blank).
Failed login count Number of failed logins within the Failed login interval before Shares locks the account (1-20).
Failed login interval Number of minutes within which hitting the Failed login count locks the account (1-60).
Self registration Determines whether non-users can create or request user accounts.
  • None: Not allowed.
  • Moderated: An admin must approve the account before it is created. If you allow self-registration, the moderated setting is recommended for security.
  • Unmoderated: After a user registers, the user’s account is automatically created.

Removing Support for TLS 1.0 and 1.1

The default configuration of Shares has TLS 1.0, 1.1 and 1.2 enabled. Older browsers require TLS 1.0, an older and less secure version of the protocol. You can drop support for these older browsers by removing the older TLS versions from the configuration. To do so, edit the nginx.conf file located at /opt/aspera/shares/etc/nginx/nginx.conf. Find the following line:
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Remove "TLSv1" and "TLSv1.1". For example:
  ssl_certificate cert.pem;
  ssl_certificate_key cert.key;
  ssl_ciphers ECDH+AESGCM:DH+AESGCM[...]
  ssl_prefer_server_ciphers on;
  ssl_protocols TLSv1.2;
  # ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;
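
An added example (not part of the Shares documentation): a shell check that reports any legacy protocol still listed in an active ssl_protocols directive after the edit, ignoring commented-out lines. The function names and the sample config are constructed for illustration, the default path is the one given above, and the check also flags SSLv2 and SSLv3, which goes slightly beyond the two versions this page removes.

```shell
#!/bin/sh
# Added example, not from the Shares documentation.
# Prints "<line>:<protocol>" for each legacy protocol in an active
# ssl_protocols directive; prints nothing when the config is clean.
# Comments (including commented-out directives) are ignored, and a
# directive may span several lines. A "#" inside a quoted string is
# treated as a comment start, which is a simplification.
legacy_tls_protocols() {
    conf=${1:-/opt/aspera/shares/etc/nginx/nginx.conf}  # path from this page
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        {
            sub(/#.*/, "")
            for (i = 1; i <= NF; i++) {
                tok = $i
                if (!in_dir) { if (tok == "ssl_protocols") in_dir = 1; continue }
                last = (tok ~ /;$/)          # ";" closes the directive
                sub(/;$/, "", tok)
                if (tok == "SSLv2" || tok == "SSLv3" || tok == "TLSv1" || tok == "TLSv1.1")
                    printf "%s:%s\n", NR, tok
                if (last) in_dir = 0
            }
        }
    ' "$conf"
}

# Returns 0 when no legacy protocol is enabled, 1 when one is,
# and 2 when the file cannot be read.
check_tls_config() {
    found=$(legacy_tls_protocols "$1") || return 2
    if [ -n "$found" ]; then
        echo "legacy protocols still enabled (line:protocol):" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample: the default line shown above plus a commented-out copy.
sample_conf() {
    cat <<'EOF'
server {
  # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
}
```

Calling check_tls_config with no argument audits the Shares nginx.conf at the path given above; pass a different file to check a copy before deploying it.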