Re: TLSv1 on CentOS-8

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
> Hi Team
> 
> I am trying to enable TLSv1 on CentOS-8. We don't have the ability to
> upgrade the server unfortunately so we need to enable TLSv1 with
> weak-ciphers on OpenSSL. 
> 
> I have tried to build the OpenSSL version manually using switches
> "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl 
> shared enable-weak-ssl-ciphers enable-deprecated enable-rc4 enable-
> tls1 zlib" which ran successfully 
> 
> [root@2cb6477375aa openssl-OpenSSL_1_1_1c]# openssl version
> OpenSSL 1.1.1c  28 May 2019
> 
> 
> But i am still not able to run the "openssl s_client -connect "
> command without specifying -tls1 in it. Build accepts the weak-
> ciphers but not the tls1 version.
> 
> Can someone please help me with this?

You should not need to recompile openssl or anything. 

Just run:

update-crypto-policies --set LEGACY

and restart the service that is supposed to be providing the TLS1
server or reboot the machine.

The LEGACY crypto policy purpose is exactly for re-enabling some of the
not-up-to-date protocols and crypto algorithms.

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]






[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux