Hello,
the *client* you are using to test this is just as important. Adjust CipherString in /etc/ssl/openssl.cnf or the client parameters (-cipher "DEFAULT:@SECLEVEL=0") too. ~# grep SEC /etc/ssl/openssl.cnf CipherString = DEFAULT:@SECLEVEL=2 ~# ~# openssl s_client -connect www.google.com:443 -tls1 CONNECTED(00000003) 804BDAE0FF7E0000:error:0A0000BF:SSL routines:tls_setup_handshake:no protocols available:../ssl/statem/statem_lib.c:104: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 7 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- ~# openssl s_client -connect www.google.com:443 -tls1 -cipher "DEFAULT:@SECLEVEL=0" CONNECTED(00000003) depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1 verify return:1 depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3 verify return:1 depth=0 CN = www.google.com verify return:1 [...] cheers, lukas _______________________________________________ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
