
Using OpenSSL 3.0.1 and TLS 1.1 and lower will usually fail #188

Open
PSanetra opened this issue Jan 2, 2023 · 1 comment

Comments


PSanetra commented Jan 2, 2023

Support for TLS 1.1 and lower was moved to security level 0 in OpenSSL 3.0.1. This implies that by default those protocols will usually not be supported without further configuration.

Reproduce

  • Server Software: nginx
  • Mozilla Configuration: Old
  • Server Version: 1.23.0
  • OpenSSL Version: 3.0.1

The configuration will generate a nginx configuration that lists TLS 1.1 and 1.0, but those protocols will usually not work when OpenSSL 3.0.1 or higher is used at the same time.

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

Starting an nginx server with this configuration and issuing a TLS 1.1 or TLS 1.0 request against it will result in an SSL error like the following:

2023/01/02 17:41:13 [info] 39#39: *2 SSL_do_handshake() failed (SSL: error:0A000076:SSL routines::no suitable signature algorithm) while SSL handshaking, client: 192.168.192.3, server: 0.0.0.0:443

Related: nginxinc/docker-nginx#743


ghen2 commented May 4, 2023

Does it work if you append :@SECLEVEL=0 to your cipher string?

This may have more implications than just re-enabling TLSv1.0 and 1.1 (or rather: SHA1 and MD5 signature algorithms, used by these protocols) though, depending on the OpenSSL version. See man SSL_CTX_set_security_level(3) on the same machine.
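The two comments above describe one configuration trap: a generated `ssl_protocols` line that lists TLSv1 and TLSv1.1 is silently ineffective on OpenSSL 3.x unless the cipher string is lowered to `@SECLEVEL=0`, and lowering it re-admits SHA1/MD5 signature algorithms for every connection. The checker below is an added example written for this page; it is not part of the ssl-config-generator project or of either comment. It parses the two nginx directives from a config snippet and reports which of those states applies. The cipher list in the sample configs is a constructed, shortened placeholder (only the `ssl_protocols` line comes from the issue), and the parser deliberately ignores `include` files and multiple `server` blocks (the last directive seen wins), so run it on the rendered config of one server.

```python
"""Lint nginx TLS directives for the OpenSSL 3.x legacy-protocol trap.

Added example, not project code. Assumption: OpenSSL's built-in default
security level is above 0, so TLSv1/TLSv1.1 only negotiate when the
cipher string carries '@SECLEVEL=0'.
"""
import re
from typing import Dict, List, Optional

LEGACY_PROTOCOLS = ("TLSv1", "TLSv1.1")
# Matches 'ssl_protocols ...;' or 'ssl_ciphers ...;' on a single line.
_DIRECTIVE = re.compile(r"^(ssl_protocols|ssl_ciphers)\s+([^;]*);")


def parse_tls_directives(config: str) -> Dict[str, object]:
    """Return ssl_protocols as a list and ssl_ciphers as a bare string.

    Comment lines are skipped; if a directive repeats, the last one wins.
    """
    found: Dict[str, object] = {"ssl_protocols": [], "ssl_ciphers": ""}
    for line in config.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = _DIRECTIVE.match(stripped)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip().strip("'\"")
        if name == "ssl_protocols":
            found[name] = value.split()
        else:
            found[name] = value
    return found


def security_level(cipher_string: str) -> Optional[int]:
    """Extract the @SECLEVEL=N override; None means OpenSSL's default level."""
    m = re.search(r"@SECLEVEL=(\d)", cipher_string)
    return int(m.group(1)) if m else None


def check_legacy_tls(config: str) -> List[str]:
    """Return findings about TLSv1/TLSv1.1 versus the OpenSSL security level."""
    directives = parse_tls_directives(config)
    protocols: List[str] = directives["ssl_protocols"]  # type: ignore[assignment]
    legacy = [p for p in protocols if p in LEGACY_PROTOCOLS]
    level = security_level(directives["ssl_ciphers"])  # type: ignore[arg-type]
    findings: List[str] = []
    if legacy and level != 0:
        # The state the issue reports: listed, but OpenSSL 3.x refuses them.
        findings.append(
            "INEFFECTIVE: %s listed in ssl_protocols, but OpenSSL 3.x only "
            "negotiates them at @SECLEVEL=0; clients get 'no suitable "
            "signature algorithm'" % " ".join(legacy)
        )
    if level == 0:
        # The trade-off ghen2 points out: level 0 is process-wide, not per protocol.
        findings.append(
            "WEAKENED: @SECLEVEL=0 re-admits SHA1/MD5 signature algorithms "
            "for every connection, not only TLSv1/TLSv1.1"
        )
        if not legacy:
            findings.append(
                "UNNECESSARY: @SECLEVEL=0 set although ssl_protocols lists "
                "no legacy protocol"
            )
    return findings


# Constructed samples. Only the ssl_protocols line of OLD_PROFILE is from the
# issue; the cipher names are a shortened placeholder list.
OLD_PROFILE = """
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_prefer_server_ciphers off;
"""
OLD_PROFILE_SECLEVEL0 = OLD_PROFILE.replace("SHA256';", "SHA256:@SECLEVEL=0';")
TLS13_ONLY_PROFILE = """
    ssl_protocols TLSv1.3;
    # no ssl_ciphers line: TLSv1.3 suites are not controlled by it
"""

if __name__ == "__main__":
    for label, cfg in (("old", OLD_PROFILE),
                       ("old+seclevel0", OLD_PROFILE_SECLEVEL0),
                       ("tls13-only", TLS13_ONLY_PROFILE)):
        print(label, "->", check_legacy_tls(cfg) or ["OK"])
```

Running the block prints one line per sample: the generated "Old" profile is flagged INEFFECTIVE, the same profile with `:@SECLEVEL=0` appended is flagged WEAKENED, and the TLS 1.3-only profile passes. That matches the behaviour both comments describe: the only way to make the listed legacy protocols work is the setting the checker itself flags as a risk.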
