On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
> Hi Team
>
> I am trying to enable TLSv1 on CentOS-8. We don't have the ability to
> upgrade the server unfortunately so we need to enable TLSv1 with
> weak-ciphers on OpenSSL.
>
> I have tried to build the OpenSSL version manually using switches
> "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
> shared enable-weak-ssl-ciphers enable-deprecated enable-rc4 enable-
> tls1 zlib" which ran successfully
>
> [root@2cb6477375aa openssl-OpenSSL_1_1_1c]# openssl version
> OpenSSL 1.1.1c 28 May 2019
>
>
> But i am still not able to run the "openssl s_client -connect "
> command without specifying -tls1 in it. Build accepts the weak-
> ciphers but not the tls1 version.
>
> Can someone please help me with this?
You should not need to recompile openssl or anything.
Just run:
update-crypto-policies --set LEGACY
and restart the service that is supposed to be providing the TLS1
server or reboot the machine.
The LEGACY crypto policy purpose is exactly for re-enabling some of the
not-up-to-date protocols and crypto algorithms.
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
