On 22/07/20 9:02 am, Xavier Belanger wrote:
Hi,
Leonardo Rodrigues <leolis...@solutti.com.br> wrote:
You nailed it, Viktor and Xavier, it was the default system-wide
setup on the CentOS 8 OS from file
/usr/share/crypto-policies/DEFAULT/opensslcnf.txt
setting MinProtocol to TLSv1 there did the trick.
Thank you guys!
You're welcome.
One piece of advice: that file may be considered as a "system
file" and could be overwritten in the future by some CentOS
update. Make sure to document that change and to keep an eye
of that file; or to define your own policy (custom policies
are not overwritten).
Indeed this is correct, in fact I just checked and verified that file is
not marked as a config file so it will be overwritten on update.
I would suggest modifying /etc/crypto-policies/config and changing it to
LEGACY instead. This change won't be overwritten by updates.
Peter
