karljohns0n / nginx-more

Development repository for nginx-more package
MIT License
120 stars 29 forks source link

how can i enable TLSv1.0 and TLSv 1.1 on nginx-more-1.22? #35

Closed yepmen closed 2 years ago

karljohns0n commented 2 years ago

Hello,

You need to add @SECLEVEL=0 to your cipher list.

See: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html

Karl

yepmen commented 2 years ago

it does not working, may i need to recompile nginx-more from source code? thanks you!

yepmen commented 2 years ago

TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3 is working with nginx-more-1.20.4 on my server Centos 7.9, but when i upgraded to nginx-more-1.22 by YUM, TLSv1.0, TLSv1.1 does not working anymore.

karljohns0n commented 2 years ago

Hello,

Did you add @SECLEVEL=0 to your ciphers list like I said? It works well for me on CentOS 7 with nginx-more 1.22, see testssl.sh results:

 Testing protocols via sockets except NPN+ALPN 

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered (deprecated)
 TLS 1.1    offered (deprecated)
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): final
 NPN/SPDY   not offered
 ALPN/HTTP2 h2, http/1.1 (offered)
yepmen commented 2 years ago

It workes now, thanks!