WOW! It worked!!! THANKS!!! I configured my NGINX with "ssl_ciphers ...:@SECLEVEL=0;".
Thank you!!!! Thank you!!! On Thu, Aug 25, 2022 at 4:31 PM Lukas Tribus wrote: > > Hello, > > > the *client* you are using to test this is just as important. Adjust > CipherString in /etc/ssl/openssl.cnf or the client parameters (-cipher > "DEFAULT:@SECLEVEL=0") too. > > ~# grep SEC /etc/ssl/openssl.cnf > CipherString = DEFAULT:@SECLEVEL=2 > ~# > ~# openssl s_client -connect www.google.com:443 -tls1 > CONNECTED(00000003) > 804BDAE0FF7E0000:error:0A0000BF:SSL routines:tls_setup_handshake:no > protocols available:../ssl/statem/statem_lib.c:104: > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 0 bytes and written 7 bytes > Verification: OK > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > Early data was not sent > Verify return code: 0 (ok) > --- > ~# openssl s_client -connect www.google.com:443 -tls1 -cipher > "DEFAULT:@SECLEVEL=0" > CONNECTED(00000003) > depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1 > verify return:1 > depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3 > verify return:1 > depth=0 CN = www.google.com > verify return:1 > [...] > > > > cheers, > lukas > _______________________________________________ > nginx mailing list -- nginx@nginx.org > To unsubscribe send an email to nginx-le...@nginx.org _______________________________________________ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org