Question about handshake error
Kurt Roeckx
kurt at roeckx.be
Wed Mar 11 13:20:31 UTC 2020
On Wed, Mar 11, 2020 at 12:15:32PM +0000, Matt Caswell wrote:
>
> Debian 10 omits all the SHA1 entries from the above list. Note that
> Debian 10 will only allow SHA1 if the security level is explicitly set
> to 0 (via the -cipher "DEFAULT:@SECLEVEL=0" command line arg). Probably
> because the debian patch is the same as this one:
>
> https://github.com/openssl/openssl/pull/10786
That patch is not applied. I assume that SECLEVEL=1 will allow
SHA1, but the default in Debian is SECLEVEL=2
Kurt
More information about the openssl-users
mailing list