[Pkg-openssl-devel] Bug#1020652: Bug#1020652: openssl: tls_process_key_exchange:internal error:../ssl/statem/statem_clnt.c:2254:
Thorsten Glaser
tg at mirbsd.de
Sun Sep 25 03:16:00 BST 2022
Kurt Roeckx dixit:
>On Sat, Sep 24, 2022 at 10:34:19PM +0200, Thorsten Glaser wrote:
>> $ openssl s_client -CApath /etc/ssl/certs -connect www.mirbsd.org:443 -legacy_renegotiation -tls1
>
>TLS 1.0 is not supported by default because it's insecure. You need
>to change the security level to 0, for instance by using the cipher
>string DEFAULT at SECLEVEL=0
^ +colon
Hey, this used to work at @SECLEVEL=2 even, with just MinProtocol
changed. Also openssl ciphers shows the same, independent of the
number used for @SECLEVEL. How can I find out, for any installed
OpenSSL, which settings this mysterious @SECLEVEL influences and
which are available? Where is this documented?
bye,
//mirabilos
--
Yay for having to rewrite other people's Bash scripts because bash
suddenly stopped supporting the bash extensions they make use of
-- Tonnerre Lombard in #nosec
More information about the Pkg-openssl-devel
mailing list