You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Support for TLS 1.1 and lower was moved to security level 0 in OpenSSL 3.0.1. This implies by default usually those protocolls will not be supported without further configuration.
Reproduce
Server Software: nginx
Mozilla Configuration: Old
Server Version: 1.23.0
OpenSSL Version: 3.0.1
The configuration will generate a nginx configuration that lists TLS 1.1 and 1.0, but those protocols will usually not work when OpenSSL 3.0.1 or higher is used at the same time.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
Starting an nginx server with this configuration and issuing a TLS 1.1 or TLS 1.0 request against it will result in a SSL error like the following:
Does it work if you append :@SECLEVEL=0 to your cipher string?
This may have more implications than just re-enabling TLSv1.0 and 1.1 (or rather: SHA1 and MD5 signature algorithms, used by these protocols) though, depending on the OpenSSL version. See man SSL_CTX_set_security_level(3) on the same machine.
Support for TLS 1.1 and lower was moved to security level 0 in OpenSSL 3.0.1. This implies by default usually those protocolls will not be supported without further configuration.
Reproduce
The configuration will generate a nginx configuration that lists TLS 1.1 and 1.0, but those protocols will usually not work when OpenSSL 3.0.1 or higher is used at the same time.
Starting an nginx server with this configuration and issuing a TLS 1.1 or TLS 1.0 request against it will result in a SSL error like the following:
Related: nginxinc/docker-nginx#743
The text was updated successfully, but these errors were encountered: