openssl 1.1.1 has no SSLv2/SSLv3 support and defaults to TLSv1.2 as minimum, what breaks old SSTP client connections via TLSv1.
now it's possible to set ssl-protocol to tls1,tls1.1,tls1.2,tls1.3 if needed.
in case of some protocols/DH/ECDH not supported by openssl library, corresponding warnings will be logged.
themiron
commented
5 years ago
openssl 1.1.1 has no SSLv2/SSLv3 support and defaults to TLSv1.2 as minimum, what breaks old SSTP client connections via TLSv1. now it's possible to set ssl-protocol to tls1,tls1.1,tls1.2,tls1.3 if needed. in case of some protocols/DH/ECDH not supported by openssl library, corresponding warnings will be logged.