Xavier Belanger wrote:
Hi,
Leonardo Rodrigues <leolis...@solutti.com.br> wrote:
You nailed it, Viktor and Xavier, it was the default system-wide
setup on the CentOS 8 OS from file
/usr/share/crypto-policies/DEFAULT/opensslcnf.txt
setting MinProtocol to TLSv1 there did the trick.
Thank you guys!
You're welcome.
One piece of advice: that file may be considered as a "system
file" and could be overwritten in the future by some CentOS
update. Make sure to document that change and to keep an eye
of that file; or to define your own policy (custom policies
are not overwritten).
It should be possible to set options like this in /etc somewhere, which
shouldn't be overwritten on package upgrades. I'm not sure where
CentOS/RHEL/Fedora have put the relevant OpenSSL configuration recently,
but on Debian and derivatives this can be set in /etc/ssl/openssl.cnf.
-kgd
