droe / sslsplit

Transparent SSL/TLS interception
https://www.roe.ch/SSLsplit
BSD 2-Clause "Simplified" License

Lower openssl seclevel to 0 at config time #285

Open naf419 opened 3 years ago

naf419 commented 3 years ago

Currently the openssl security level is set to 0 when making and receiving proxied connections, but CA and client certificates specified in config are pre-loaded using a temporary ssl context that does not have the security level explicitly reduced, resulting in failure to load, for example, 1024-bit RSA client certs.

Fix by lowering the seclevel on all temp contexts as well.

sonertari commented 3 years ago

@droe should review this.