On Fri, Jun 12, 2020 at 03:09:18PM +0200, [email protected] wrote:
> Hi,
>
> currently I'm testing Ubuntu 20.04 and HAProxy 2.0.14.
>
> I'm trying to get TLSv1 working (we need this for some legacy clients), so
> far without success.
>
> I've read different things, on the one hand Ubuntu has removed
> TLSv1/TLSv1.1 support completely, otherwise that it can be enabled:
> http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.1.1f-1ubuntu2/changelog
>
> Is there anything that can be set in HAProxy? (apart from
> "ssl-default-bind-options ssl-min-ver TLSv1.0 ssl-max-ver TLSv1.2")
>
> Has anybody more information on this matter or has TLSv1 working in Ubuntu
> 20.04 + HAProxy?
>

Hi,

appending @SECLEVEL=1 to the cipher string I can perform the handshakes
using TLSv1.0 and higher on Ubuntu 20.04. You don't need to rebuild openssl.

I was not able to use s_client -tls1 or -tls1_2 on the 20.04 though, had to
try with a different client. It's probably something that you can handle
with openssl.cnf, just like the ciphers.

    frontend in
        bind *:8443 ssl crt ssl.pem ssl-min-ver TLSv1.0 ciphers ALL:@SECLEVEL=1

--
Jérôme
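
Added example, not part of the original message or of HAProxy itself: a small Python audit that lists every TLS bind line whose effective ssl-min-ver or @SECLEVEL is below a policy floor, so an exception like the one above stays confined to the legacy frontend. The policy floor (TLSv1.2, SECLEVEL 2), the "modern" frontend and the sample configuration are assumptions made for the example.

```python
import re

SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}
VERSIONS = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
POLICY_MIN_VER = "TLSv1.2"  # assumed site policy, not from the thread
POLICY_SECLEVEL = 2         # assumed site policy, not from the thread

# Constructed sample: the bind line from the reply next to a stricter default.
SAMPLE = """\
global
    ssl-default-bind-options ssl-min-ver TLSv1.2

frontend modern
    bind *:443 ssl crt ssl.pem

frontend in
    bind *:8443 ssl crt ssl.pem ssl-min-ver TLSv1.0 ciphers ALL:@SECLEVEL=1
"""

def _opt(tokens, name):
    """Return the argument that follows keyword `name`, or None."""
    return tokens[tokens.index(name) + 1] if name in tokens[:-1] else None

def _seclevel(ciphers):
    """Return N from an '@SECLEVEL=N' element of a cipher string, or None."""
    m = re.search(r"@SECLEVEL=(\d)", ciphers or "")
    return int(m.group(1)) if m else None

def audit(config_text):
    """List (section, address, min version, seclevel) for each TLS bind line
    whose effective settings are below the policy constants above."""
    findings, section, default_ver, default_level = [], None, None, None
    for raw in config_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] in SECTIONS:
            section = " ".join(tokens[:2])
        elif tokens[0] == "ssl-default-bind-options":
            default_ver = _opt(tokens, "ssl-min-ver") or default_ver
        elif tokens[0] == "ssl-default-bind-ciphers":
            default_level = _seclevel(_opt(tokens, tokens[0]))
        elif tokens[0] == "bind" and "ssl" in tokens:
            ver = _opt(tokens, "ssl-min-ver") or default_ver
            level = _seclevel(_opt(tokens, "ciphers"))
            level = default_level if level is None else level
            weak_ver = ver in VERSIONS and VERSIONS.index(ver) < VERSIONS.index(POLICY_MIN_VER)
            if weak_ver or (level is not None and level < POLICY_SECLEVEL):
                findings.append((section, tokens[1], ver, level))
    return findings
```

Calling audit(SAMPLE) reports only the "frontend in" listener on *:8443; a bind line that inherits a lowered ssl-min-ver from ssl-default-bind-options is reported as well.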

