Aha! `curl -v --ciphers 'DEFAULT:@SECLEVEL=1' https://www.toodledo.com/` works but `curl -v --ciphers 'DEFAULT:@SECLEVEL=2' https://www.toodledo.com/` fails.
According to https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_get_security_level.html, the default security level for the library is 1 if it isn't specified at compile time. Has Canonical made a decision to set a higher security level by default? Oh, wait, it appears that yes it has. `openssl version -a` says `-DOPENSSL_TLS_SECURITY_LEVEL=2`. It appears that this was an intentional change? I question the advisability of this, especially since it doesn't appear that there's any way to override it in a configuration file (is there?). I am not sure it is advisable for command-line tools in the OS to have stricter security level requirements than users' browsers? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1864689 Title: openssl in 20.04 can't connect to site that was fine in 19.10 and is fine in Chrome and Firefox Status in openssl package in Ubuntu: New Bug description: openssl in Ubuntu 20.04 (focal) refuses to connect to a web site that openssl in Ubuntu 19.10 (eoan), Chrome, and Firefox are all happy to connect to. Reproduce with: `curl -v https://www.toodledo.com/' or: `openssl s_client -connect www.toodledo.com:443` or: `python3 -c 'import requests; requests.get("https://www.toodledo.com/";)'` or: `wget https://www.toodledo.com/` These worked in Ubuntu 19.10 and don't work in 20.04. I've tried all sorts of things to debug this further and I've just run into walls. I hope someone who understands more about this stuff will be able to figure it out. ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: openssl 1.1.1d-2ubuntu3 ProcVersionSignature: Ubuntu 5.4.0-14.17-generic 5.4.18 Uname: Linux 5.4.0-14-generic x86_64 ApportVersion: 2.20.11-0ubuntu18 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Feb 25 13:01:22 2020 InstallationDate: Installed on 2019-08-16 (192 days ago) InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416) SourcePackage: openssl UpgradeStatus: Upgraded to focal on 2020-01-31 (25 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1864689/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
