Question about handshake error

Kurt Roeckx kurt at
Wed Mar 11 13:20:31 UTC 2020

On Wed, Mar 11, 2020 at 12:15:32PM +0000, Matt Caswell wrote:
> Debian 10 omits all the SHA1 entries from the above list. Note that
> Debian 10 will only allow SHA1 if the security level is explicitly set
> to 0 (via the -cipher "DEFAULT:@SECLEVEL=0" command line arg). Probably
> because the debian patch is the same as this one:

That patch is not applied. I assume that SECLEVEL=1 will allow
SHA1, but the default in Debian is SECLEVEL=2


More information about the openssl-users mailing list