Hi Emeric, Willy

Up the thread with a compatible configuration view.

1) force-xx force-tlsv12 no-tlsv12
old: do a force-tlsv12 (no-xx ignored without warning)
new: warning "all SSL/TLS versions are disabled"

It’s not a good configuration, but… It can be changed with:
. no-xx ignored when force-xx, min-ssl-ver or max-ssl-ver is used (impact 4 and 5)
. generate an error
. keep warning, but it can depend on 2)

2) force-tlsv12 with openssl without v1.2
old: error "option not implemented"
new: warning "all SSL/TLS versions are disabled"
=> generate an error?

3)  no-tlsv10
old: hole without warning
new: warning 'hole'
=> I prefer to keep the warning and not generate an error; openssl will deal with that

4) min-ssl-ver TLSv1.0 no-tlsv11
new: warning 'hole'
  . no hole if no-tlsxx is ignored

5) max-ssl-ver TLSv1.2  no-sslv3
   ok, but sslv3 will be activated if no-xx are ignored (1) (need at least a warning)

++
Manu
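
The "new" outcomes listed in cases 1 to 5 above can be reproduced with a small bitmask model. This is an added example, not HAProxy code and not from the author of the message; the bit layout, `check_versions` and the verdict names are assumptions made for the illustration.

```c
#include <stdio.h>

/* Versions in ascending order, one bit each (layout assumed for this example). */
enum { SSLV3 = 1 << 0, TLSV10 = 1 << 1, TLSV11 = 1 << 2, TLSV12 = 1 << 3 };
#define ALL_VERSIONS (SSLV3 | TLSV10 | TLSV11 | TLSV12)

enum verdict { VER_OK, VER_HOLE, VER_ALL_DISABLED };

/* Every version from lo up to hi inclusive; lo and hi are single bits. */
static unsigned range_mask(unsigned lo, unsigned hi)
{
    return ((hi << 1) - 1) & ~(lo - 1) & ALL_VERSIONS;
}

/*
 * min/max: bounds, 0 when unset (force-xx is modelled as min == max == xx).
 * no_mask: OR of the no-xx options; lib_mask: versions the SSL library offers.
 * Stores the effective set in *enabled and classifies it.
 */
enum verdict check_versions(unsigned min, unsigned max, unsigned no_mask,
                            unsigned lib_mask, unsigned *enabled)
{
    unsigned set = range_mask(min ? min : SSLV3, max ? max : TLSV12)
                   & ~no_mask & lib_mask;
    unsigned sum = set + (set & -set);   /* add the lowest enabled bit */

    *enabled = set;
    if (!set)
        return VER_ALL_DISABLED;
    /* A contiguous run of bits plus its lowest bit is a power of two. */
    return (sum & (sum - 1)) ? VER_HOLE : VER_OK;
}

int main(void)
{
    static const char *name[] = { "ok", "hole", "all SSL/TLS versions are disabled" };
    unsigned e;

    /* Cases 1, 3, 4, 5 of the message; the library supports every version. */
    printf("1: %s\n", name[check_versions(TLSV12, TLSV12, TLSV12, ALL_VERSIONS, &e)]);
    printf("3: %s\n", name[check_versions(0, 0, TLSV10, ALL_VERSIONS, &e)]);
    printf("4: %s\n", name[check_versions(TLSV10, 0, TLSV11, ALL_VERSIONS, &e)]);
    printf("5: %s\n", name[check_versions(0, TLSV12, SSLV3, ALL_VERSIONS, &e)]);
    /* Case 2: force-tlsv12 with a library built without TLSv1.2. */
    printf("2: %s\n", name[check_versions(TLSV12, TLSV12, 0, ALL_VERSIONS & ~TLSV12, &e)]);
    return 0;
}
```

Passing `no_mask` as 0 models the "no-xx ignored" alternative: case 4 then has no hole, and case 5 leaves SSLv3 enabled.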

