TLSv1 on CentOS-8

Junaid Mukhtar junaid.mukhtar at gmail.com
Wed Apr 15 16:13:16 UTC 2020


Thanks a lot; it really helped.

--------
Regards,
Junaid


On Wed, Apr 15, 2020 at 5:04 PM Tomas Mraz <tmraz at redhat.com> wrote:

> On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
> > Hi Team
> >
> > I am trying to enable TLSv1 on CentOS-8. We don't have the ability to
> > upgrade the server unfortunately so we need to enable TLSv1 with
> > weak-ciphers on OpenSSL.
> >
> > I have tried to build the OpenSSL version manually using switches
> > "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
> > shared enable-weak-ssl-ciphers enable-deprecated enable-rc4
> > enable-tls1 zlib" which ran successfully
> >
> > [root@2cb6477375aa openssl-OpenSSL_1_1_1c]# openssl version
> > OpenSSL 1.1.1c  28 May 2019
> >
> >
> > But I am still not able to run the "openssl s_client -connect "
> > command without specifying -tls1 in it. Build accepts the
> > weak-ciphers but not the tls1 version.
> >
> > Can someone please help me with this?
>
> You should not need to recompile openssl or anything.
>
> Just run:
>
> update-crypto-policies --set LEGACY
>
> and restart the service that is supposed to be providing the TLS1
> server or reboot the machine.
>
> The LEGACY crypto policy purpose is exactly for re-enabling some of the
> not-up-to-date protocols and crypto algorithms.
>
> --
> Tomáš Mráz
> No matter how far down the wrong road you've gone, turn back.
>                                               Turkish proverb
> [You'll know whether the road is wrong if you carefully listen to your
> conscience.]
>
>
>
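
A check that goes with the reply above, as an added example that is not part of the original thread: it reads the OpenSSL settings generated by the system-wide crypto policy and reports whether TLS 1.0 is permitted, which is useful for finding hosts left on LEGACY. The back-end file path, the function names and the acceptance of a `TLS.MinProtocol` spelling are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: on RHEL/CentOS 8 the active
# policy's OpenSSL settings are written to this generated file.
BACKEND="${BACKEND:-/etc/crypto-policies/back-ends/opensslcnf.config}"

# Print the TLS protocol floor from an OpenSSL back-end file. Accepts
# "MinProtocol = X" and "TLS.MinProtocol = X"; skips "DTLS.MinProtocol".
min_protocol() {
    sed -n 's/^[[:space:]]*\(TLS\.\)\{0,1\}MinProtocol[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\2/p' "$1" | head -n 1
}

# Map a protocol name to a sortable number; unknown or empty names give 0.
proto_rank() {
    case "$1" in
        SSLv3)   echo 30 ;;
        TLSv1)   echo 31 ;;
        TLSv1.1) echo 32 ;;
        TLSv1.2) echo 33 ;;
        TLSv1.3) echo 34 ;;
        *)       echo 0 ;;
    esac
}

# Exit status: 0 = TLS 1.0 permitted, 1 = floor is above TLS 1.0,
# 2 = no recognisable MinProtocol line (treat as "unknown", not "safe").
tls1_allowed() {
    rank=$(proto_rank "$(min_protocol "$1")")
    [ "$rank" -eq 0 ] && return 2
    [ "$rank" -le 31 ]
}

# Print a one-line verdict for the given file.
report() {
    tls1_allowed "$1" && rc=0 || rc=$?
    case "$rc" in
        0) echo "$1: TLS 1.0 PERMITTED (MinProtocol=$(min_protocol "$1"))" ;;
        1) echo "$1: TLS 1.0 refused (MinProtocol=$(min_protocol "$1"))" ;;
        *) echo "$1: no MinProtocol found, floor unknown" ;;
    esac
}

# Constructed sample files (not copied from a real host), then the live file.
d=$(mktemp -d)
printf 'CipherString = @SECLEVEL=2:kEECDH\nMinProtocol = TLSv1.2\n' > "$d/strict"
printf 'TLS.MinProtocol = TLSv1\nDTLS.MinProtocol = DTLSv1\n' > "$d/legacy"
report "$d/strict"
report "$d/legacy"
rm -rf "$d"
if [ -r "$BACKEND" ]; then report "$BACKEND"; fi
```

`update-crypto-policies --show` prints the name of the active policy; this script shows what that policy means for OpenSSL's protocol floor.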