Kurt Roeckx dixit: >On Sat, Sep 24, 2022 at 10:34:19PM +0200, Thorsten Glaser wrote: >> $ openssl s_client -CApath /etc/ssl/certs -connect www.mirbsd.org:443 >> -legacy_renegotiation -tls1 > >TLS 1.0 is not supported by default because it's insecure. You need >to change the security level to 0, for instance by using the cipher >string DEFAULT@SECLEVEL=0 ^ +colon
Hey, this used to work at @SECLEVEL=2 even, with just MinProtocol changed. Also openssl ciphers shows the same, independent of the number used for @SECLEVEL. How can I find out, for any installed OpenSSL, which settings this mysterious @SECLEVEL influences and which are available? Where is this documented? bye, //mirabilos -- Yay for having to rewrite other people's Bash scripts because bash suddenly stopped supporting the bash extensions they make use of -- Tonnerre Lombard in #nosec