Thanks a lot; it really helped

--------
Regards,
Junaid

On Wed, Apr 15, 2020 at 5:04 PM Tomas Mraz <tm...@redhat.com> wrote:

> On Wed, 2020-04-15 at 16:57 +0100, Junaid Mukhtar wrote:
> > Hi Team
> >
> > I am trying to enable TLSv1 on CentOS-8. We don't have the ability to
> > upgrade the server unfortunately so we need to enable TLSv1 with
> > weak-ciphers on OpenSSL.
> >
> > I have tried to build the OpenSSL version manually using switches
> > "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
> > shared enable-weak-ssl-ciphers enable-deprecated enable-rc4
> > enable-tls1 zlib" which ran successfully
> >
> > [root@2cb6477375aa openssl-OpenSSL_1_1_1c]# openssl version
> > OpenSSL 1.1.1c 28 May 2019
> >
> > But I am still not able to run the "openssl s_client -connect "
> > command without specifying -tls1 in it. Build accepts the
> > weak-ciphers but not the tls1 version.
> >
> > Can someone please help me with this?
>
> You should not need to recompile openssl or anything.
>
> Just run:
>
> update-crypto-policies --set LEGACY
>
> and restart the service that is supposed to be providing the TLS1
> server or reboot the machine.
>
> The LEGACY crypto policy purpose is exactly for re-enabling some of the
> not-up-to-date protocols and crypto algorithms.
>
> --
> Tomáš Mráz
> No matter how far down the wrong road you've gone, turn back.
> Turkish proverb
> [You'll know whether the road is wrong if you carefully listen to your
> conscience.]