• Updated all relevant Debian packages to Buster/10 versions; including MariaDB & PHP 7.3 (for Adminer).
  • New MySQL/MariaDB user account, named "remote" configured for remote connections.
  • Explicitly enabled SSL for MySQL network connections via port 3306.
  • New inithooks to set hostname for remote user host and regenerate MariaDB connection SSL certificates/keys.
  • CLI script 'turnkey-mysql-ssl' and Confconsole plugin to enable/disable MySQL/MariaDB SSL requirement for remote connections.
  • Explcitly disable TLS<1.2 (i.e. SSLv3, TLSv1, TLSv1.1) for WebCP & Adminer. (v15.x TurnKey releases supported TLS 1.2, but could fallback as low as TLSv1).
  • Update SSL/TLS cyphers webservers to provide "Intermediate" browser/client support (suitable for "General-purpose servers with a variety of clients, recommended for almost all systems"). As provided by Mozilla via
  • Updated version of mysqltuner script - now installed as per upstream recommendation.
  • Note: Please refer to turnkey-core's changelog for changes common to all appliances. Here we only describe changes specific to this appliance.