On 22.4.2024 11.01, Yuko Doki (Fujitsu) via openssl-users wrote:
I have not configured any providers, so the default provider will be used.
When using RedHat Linux distribution, "@SECLEVEL=0" did not seem to work.
The versions are as follows.
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
Will changing the provider in the file "openssl.cnf" have any effect?
I also tried with OpenSSL built from the source downloaded from "https://www.openssl.org/source/";, on Solaris.
This time, adding "@SECLEVEL=0" was effect, the TLS1.0 connection was successful.
The versions are as follows.
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
This problem seems to occur only in the RedHat distribution, so it might be better to ask RedHat.
See RedHat documentation about their system-wide crypto policies:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening
There's, for example, a table that tells that TLSv1.1 and earlier are
not enabled by default. With RHEL 8 they could be enabled, but with 9 it
seems the can not. Even with command 'update-crypto-policies' it appears
not possible to enable TLSv1.0.
Please let us know how it goes,
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
