On Fri, 12 June 2020 at 16:02, Jerome Magnin <jer...@layaute.net> wrote:
> On Fri, Jun 12, 2020 at 03:09:18PM +0200, bjun...@gmail.com wrote:
> > Hi,
> >
> > currently I'm testing Ubuntu 20.04 and HAProxy 2.0.14.
> >
> > I'm trying to get TLSv1 working (we need this for some legacy clients), so
> > far without success.
> >
> > I've read different things, on the one hand Ubuntu has removed
> > TLSv1/TLSv1.1 support completely, otherwise that it can be enabled:
> >
> > http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.1.1f-1ubuntu2/changelog
> >
> > Is there anything that can be set in HAProxy? (apart from
> > "ssl-default-bind-options ssl-min-ver TLSv1.0 ssl-max-ver TLSv1.2")
> >
> > Has anybody more information on this matter or has TLSv1 working in Ubuntu
> > 20.04 + HAProxy?
>
> Hi,
>
> appending @SECLEVEL=1 to the cipher string I can perform the handshakes
> using TLSv1.0 and higher on Ubuntu 20.04. You don't need to rebuild
> openssl. I was not able to use s_client -tls1 or -tls1_2 on the 20.04
> though, had to try with a different client. It's probably something that
> you can handle with openssl.cnf, just like the ciphers.
>
> frontend in
>     bind *:8443 ssl crt ssl.pem ssl-min-ver TLSv1.0 ciphers ALL:@SECLEVEL=1
>
> --
> Jérôme

Thanks Jérôme, that does the trick.

Best regards

Bjoern
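
The bind line in the reply above lowers the OpenSSL security level for everything that listener serves. As an added example (not part of the thread and not HAProxy project configuration), here is one way to confine that relaxation to a dedicated legacy listener while other listeners keep a TLSv1.2 floor, and to log the negotiated protocol so remaining legacy clients can be identified. The frontend and backend names, ports, certificate path and server address are assumptions.

```haproxy
# Added example; names, ports, paths and addresses are assumptions.
global
    log stdout format raw local0
    # Default for every bind line: TLSv1.2 or newer.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    log global
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Normal listener: inherits the TLSv1.2 floor and the distribution's
# default OpenSSL security level.
frontend fe_modern
    bind *:443 ssl crt /etc/haproxy/ssl.pem
    default_backend be_app

# Legacy listener: the only place where TLSv1.0 and @SECLEVEL=1 apply.
# Options given on the bind line override ssl-default-bind-options.
frontend fe_legacy
    bind *:8443 ssl crt /etc/haproxy/ssl.pem ssl-min-ver TLSv1.0 ciphers ALL:@SECLEVEL=1
    # %sslv = negotiated protocol version, %sslc = negotiated cipher.
    # Lines showing TLSv1 or TLSv1.1 identify clients still to be migrated.
    log-format "%ci:%cp [%tr] %ft %sslv %sslc %ST"
    default_backend be_app

backend be_app
    server app1 127.0.0.1:8080
```

Running `haproxy -c -f` against the file checks the syntax before a reload.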