On Fri, Jun 12, 2020 at 03:09:18PM +0200, bjun...@gmail.com wrote:
> Hi,
> 
> Currently I'm testing Ubuntu 20.04 and HAProxy 2.0.14.
> 
> I'm trying to get TLSv1 working (we need this for some legacy clients), so
> far without success.
> 
> I've read different things: on the one hand that Ubuntu has removed
> TLSv1/TLSv1.1 support completely, on the other that it can be enabled:
> http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.1.1f-1ubuntu2/changelog
> 
> 
> Is there anything that can be set in HAProxy? (apart from
> "ssl-default-bind-options ssl-min-ver TLSv1.0 ssl-max-ver TLSv1.2")
> 
> Has anybody more information on this matter or has TLSv1 working in Ubuntu
> 20.04 + HAProxy?
>

Hi,

By appending @SECLEVEL=1 to the cipher string, I can perform the handshakes
using TLSv1.0 and higher on Ubuntu 20.04. You don't need to rebuild
OpenSSL. I was not able to use s_client -tls1 or -tls1_2 on the 20.04
though; I had to try with a different client. It's probably something that
you can handle with openssl.cnf, just like the ciphers.

frontend in
  bind *:8443 ssl crt ssl.pem ssl-min-ver TLSv1.0  ciphers ALL:@SECLEVEL=1


-- 
Jérôme
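
The following is an added example, not part of the original message and not HAProxy's own tooling: a small Python audit that lists every line of a haproxy.cfg where the relaxation discussed above (`ssl-min-ver` below TLSv1.2 or a lowered `@SECLEVEL`) is in effect, so the legacy exception stays confined to the bind that needs it. The baseline values (TLSv1.2, level 2), the function name `audit` and the sample configuration are assumptions constructed for this example.

```python
import re

# Reporting baseline chosen for this example (an assumption, not from the thread).
VERSIONS = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
MIN_OK_VERSION = "TLSv1.2"
MIN_OK_SECLEVEL = 2

SECTION_RE = re.compile(r"^(global|defaults|frontend|listen|backend)\b\s*(\S*)")
MIN_VER_RE = re.compile(r"\bssl-min-ver\s+(\S+)")
SECLEVEL_RE = re.compile(r"@SECLEVEL=(\d+)")

# Constructed sample: the bind line from the reply next to a stricter global default.
SAMPLE_CFG = """\
global
  ssl-default-bind-options ssl-min-ver TLSv1.2

frontend in
  bind *:8443 ssl crt ssl.pem ssl-min-ver TLSv1.0  ciphers ALL:@SECLEVEL=1

frontend modern
  bind *:443 ssl crt ssl.pem
"""

def audit(cfg_text):
    """Return (line_no, section, setting) for each line that relaxes TLS below the baseline."""
    findings, section = [], "(no section)"
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and indentation
        m = SECTION_RE.match(line)
        if m:                                        # remember which section we are in
            section = " ".join(filter(None, m.groups()))
            continue
        for ver in MIN_VER_RE.findall(line):
            if ver in VERSIONS and VERSIONS.index(ver) < VERSIONS.index(MIN_OK_VERSION):
                findings.append((lineno, section, "ssl-min-ver " + ver))
        for level in SECLEVEL_RE.findall(line):
            if int(level) < MIN_OK_SECLEVEL:
                findings.append((lineno, section, "@SECLEVEL=" + level))
    return findings

if __name__ == "__main__":
    for lineno, section, setting in audit(SAMPLE_CFG):
        print(f"line {lineno} [{section}]: {setting}")
```

A finding under `global` or `defaults` means the relaxation applies to every listener, whereas a finding on a single `bind` line is limited to that port.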
