On Wed, Mar 11, 2020 at 12:15:32PM +0000, Matt Caswell wrote: > > Debian 10 omits all the SHA1 entries from the above list. Note that > Debian 10 will only allow SHA1 if the security level is explicitly set > to 0 (via the -cipher "DEFAULT:@SECLEVEL=0" command line arg). Probably > because the debian patch is the same as this one: > > https://github.com/openssl/openssl/pull/10786 That patch is not applied. I assume that SECLEVEL=1 will allow SHA1, but the default in Debian is SECLEVEL=2 Kurt
