Aha! `curl -v --ciphers 'DEFAULT:@SECLEVEL=1' https://www.toodledo.com/` works but `curl -v --ciphers 'DEFAULT:@SECLEVEL=2' https://www.toodledo.com/` fails.
According to https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_get_security_level.html, the default security level for the library is 1 if it isn't specified at compile time. Has Canonical made a decision to set a higher security level by default? Oh, wait, it appears that yes it has. `openssl version -a` says `-DOPENSSL_TLS_SECURITY_LEVEL=2`. It appears that this was an intentional change? I question the advisability of this, especially since it doesn't appear that there's any way to override it in a configuration file (is there?). I am not sure it is advisable for command-line tools in the OS to have stricter security level requirements than users' browsers? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1864689 Title: openssl in 20.04 can't connect to site that was fine in 19.10 and is fine in Chrome and Firefox To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1864689/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
