Re: TLSv1 on CentOS-8

2020-04-17 Thread Tomas Mraz
On Fri, 2020-04-17 at 13:03 -0400, Viktor Dukhovni wrote:
> On Fri, Apr 17, 2020 at 05:17:47PM +0200, Tomas Mraz wrote:
>
> > Or you could modify the /etc/pki/tls/openssl.cnf:
> > Find the .include /etc/crypto-policies/back-ends/opensslcnf.config
> > line in it and insert something like:
> >
> >

Re: TLSv1 on CentOS-8

2020-04-17 Thread Viktor Dukhovni
On Fri, Apr 17, 2020 at 06:06:56PM +0100, Junaid Mukhtar wrote:
> Hi, we have a requirement to enable tlsv1 for an edge case. When we enable
> that via Tomas's recommendation it enables rc4 cipher.
Yes, but in OpenSSL 1.1.1, it is not clear why enabling the protocol has any impact on the cipher sel

Re: TLSv1 on CentOS-8

2020-04-17 Thread Junaid Mukhtar
Hi, we have a requirement to enable tlsv1 for an edge case. When we enable that via Tomas's recommendation it enables rc4 cipher. We want to disable rc4 but keep tlsv1 and that's why the ask for the process.
Thanks,
On Fri, 17 Apr 2020 at 18:04, Viktor Dukhovni wrote:
> On Fri, Apr 17, 2020 at 05

Re: TLSv1 on CentOS-8

2020-04-17 Thread Viktor Dukhovni
On Fri, Apr 17, 2020 at 05:17:47PM +0200, Tomas Mraz wrote:
> Or you could modify the /etc/pki/tls/openssl.cnf:
> Find the .include /etc/crypto-policies/back-ends/opensslcnf.config
> line in it and insert something like:
>
> CipherString =
> @SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:!D

Re: TLSv1 on CentOS-8

2020-04-17 Thread Kyle Hamilton
Note: This is better asked on the CentOS support forums, since it asks about changes that CentOS made to OpenSSL. This is an unsupported configuration, and will be overwritten if you audit or reinstall the crypto-policies package. Also, I haven't looked to see where /etc/crypto-policies/back-ends

Re: TLSv1 on CentOS-8

2020-04-17 Thread Tomas Mraz
It will be possible via Custom crypto policies in 8.2 release. It can be solved only in a hackish way on 8.1. You can manually edit /etc/crypto-policies/back-ends/openssl*.config files however that will not survive further runs of update-crypto-policies or package updates. Or you could modify t

Re: TLSv1 on CentOS-8

2020-04-17 Thread Junaid Mukhtar
Hi Tomas,
Is it possible to enable legacy protocols/ciphers but disable only one? In particular we want RC4-SHA to be disabled.
Regards, Junaid
On Wed, Apr 15, 2020 at 5:13 PM Junaid Mukhtar wrote:
> Thanks a lot; It really helped
>
>
> Regards,
> Junaid
>
>
> On Wed, Apr 15, 2