Kurt Roeckx dixit:
>On Sat, Sep 24, 2022 at 10:34:19PM +0200, Thorsten Glaser wrote:
>> $ openssl s_client -CApath /etc/ssl/certs -connect www.mirbsd.org:443
>> -legacy_renegotiation -tls1
>
>TLS 1.0 is not supported by default because it's insecure. You need
>to change the security level to 0, for instance by using the cipher
>string DEFAULT@SECLEVEL=0
^ +colon
Hey, this used to work at @SECLEVEL=2 even, with just MinProtocol
changed. Also openssl ciphers shows the same, independent of the
number used for @SECLEVEL. How can I find out, for any installed
OpenSSL, which settings this mysterious @SECLEVEL influences and
which are available? Where is this documented?
bye,
//mirabilos
--
Yay for having to rewrite other people's Bash scripts because bash
suddenly stopped supporting the bash extensions they make use of
-- Tonnerre Lombard in #nosec
