On Sun, Sep 25, 2022 at 02:16:00AM +0000, Thorsten Glaser wrote:
> Kurt Roeckx dixit:
>
> >On Sat, Sep 24, 2022 at 10:34:19PM +0200, Thorsten Glaser wrote:
> >> $ openssl s_client -CApath /etc/ssl/certs -connect www.mirbsd.org:443
> >> -legacy_renegotiation -tls1
> >
> >TLS 1.0 is not supported by default because it's insecure. You need
> >to change the security level to 0, for instance by using the cipher
> >string DEFAULT@SECLEVEL=0
> ^ +colon
>
> Hey, this used to work at @SECLEVEL=2 even, with just MinProtocol
> changed. Also openssl ciphers shows the same, independent of the
> number used for @SECLEVEL. How can I find out, for any installed
> OpenSSL, which settings this mysterious @SECLEVEL influences and
> which are available? Where is this documented?
There is /usr/share/doc/openssl/NEWS.md.gz, which says:

  * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0,
    except when RSA key exchange without SHA1 is used.

So this also works:

  openssl s_client -connect www.mirbsd.org:443 -cipher AES256-SHA -legacy_renegotiation -tls1

That's the only cipher you have with RSA key exchange. Your server
doesn't have a preference for ciphers, so it picks the first one offered
by the client, so the order is important.

Security levels are documented in SSL_CTX_set_security_level(3):
https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_security_level.html

SHA1 has been moved to security level 0 because it no longer provides
enough security, even when combined with MD5.

Kurt
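As an added example (not part of the thread and not OpenSSL's or Debian's code), the two s_client invocations above expressed as Python ssl client contexts: the TLS 1.0 probe with AES256-SHA at @SECLEVEL=0 next to the hardened default a client should otherwise keep. It assumes Python 3.7+ linked against an OpenSSL that still ships TLS 1.0 and AES256-SHA; the raw option value 0x4 is OpenSSL's SSL_OP_LEGACY_SERVER_CONNECT, which Python names only from 3.12.

```python
import socket
import ssl

# Equivalent of "-legacy_renegotiation". Python exposes ssl.OP_LEGACY_SERVER_CONNECT
# only from 3.12; 0x4 is OpenSSL's own value for SSL_OP_LEGACY_SERVER_CONNECT.
OP_LEGACY_SERVER_CONNECT = int(getattr(ssl, "OP_LEGACY_SERVER_CONNECT", 0x4))


def legacy_tls10_context(cipher="AES256-SHA", seclevel=0):
    """Client context matching
       openssl s_client -cipher AES256-SHA -legacy_renegotiation -tls1 ...
    with @SECLEVEL=0 added so that a TLS 1.0 handshake is permitted at all.
    Only for probing one known legacy host, never as a default."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_default_certs()                      # like -CApath /etc/ssl/certs
    ctx.minimum_version = ssl.TLSVersion.TLSv1    # "-tls1": pin exactly TLS 1.0
    ctx.maximum_version = ssl.TLSVersion.TLSv1
    # Cipher list and security level come from the same string. The suite order
    # is what a server without its own preference will follow.
    ctx.set_ciphers(f"{cipher}:@SECLEVEL={seclevel}")
    ctx.options = int(ctx.options) | OP_LEGACY_SERVER_CONNECT
    return ctx


def hardened_context():
    """What a client should normally run: TLS 1.2+, no legacy renegotiation.
    Cleared explicitly because OpenSSL 1.1.1's SSL_OP_ALL still included it."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options = int(ctx.options) & ~OP_LEGACY_SERVER_CONNECT
    return ctx


def describe(ctx):
    """Protocol window, renegotiation flag and configured cipher names.
    get_ciphers() is SSL_get_ciphers(): like `openssl ciphers` without -s it
    is NOT filtered by the security level, which is why the list looks the
    same whatever number follows @SECLEVEL."""
    return {
        "min": ctx.minimum_version.name,
        "max": ctx.maximum_version.name,
        "legacy_renegotiation": bool(int(ctx.options) & OP_LEGACY_SERVER_CONNECT),
        "ciphers": [c["name"] for c in ctx.get_ciphers()],
    }


def negotiated_version(ctx, host, port=443):
    """One handshake against a live host, returning the protocol actually
    negotiated (e.g. 'TLSv1'). Needs network access, so not exercised offline."""
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()
```

Whether the handshake itself succeeds is still decided by OpenSSL at connect time (for TLS 1.0 at level 1 and above, only RSA key exchange gets through, as the NEWS entry says), so `describe()` shows the configuration, and only `negotiated_version()` shows the outcome.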