Open jujiale opened 2 weeks ago
ssl_protocols: TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 SSLv3
No need to specify SSLv3. TLSv1.3 is enough.
SSLv3 is an outdated and insecure protocol, and it's recommended to use more secure versions like TLSv1.2 or TLSv1.3.
If you must enable SSLv3, you can first test the behavior of NGINX. Apache APISIX is consistent with NGINX in this ability.
Description
Hello, for some reason, we need to support SSLv3, TLSv1 and TLSv1.1 in our APISIX. I added TLSv1 and TLSv1.1 ssl_ciphers. After doing this, I tested it with my Java client (specifying the TLS version) and it works fine. The following is my config: `
` The above config works fine. I tested TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3, all OK.
On my APISIX machine, the OpenSSL version is v1.1.1s. I use the following command: `
`
Then I add the cipher to ssl_ciphers and add the protocol SSLv3 to ssl_protocols: `
`
I added the crt and key in the APISIX ssl model, as below: ![image](https://github.com/apache/apisix/assets/48037235/9ccf31d7-e801-4e02-acf3-56a439f97098)
Then I used the Java client, specifying SSLv3, to send a request. The handshake failed: ![image](https://github.com/apache/apisix/assets/48037235/4620fe00-0d39-49ce-b1b5-591523f134b6)
What confuses me more is that when I configure ssl_protocols: TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 SSLv3 and use the Java client, specifying SSLv3, to send a request, the packet indicates TLSv1 is being used. I do not know why. ![image](https://github.com/apache/apisix/assets/48037235/2ee58f7e-69a8-4c57-b026-0adb7f9b5382)
I want to know how to support SSLv3 in APISIX. I need your help, thanks.
Environment
- `apisix version`: 2.15.0
- `uname -a`: Linux 3.10.0-1160.71.1.el7.x86_64
- `openresty -V` or `nginx -V`: openresty/1.21.4.2
- `curl http://127.0.0.1:9090/v1/server_info`: 3.5.0
- `luarocks --version`: