There is still something wrong here.

The site in question has fixed the issue in response to my query, and
SSL Labs now gives it an A grade:
https://www.ssllabs.com/ssltest/analyze.html?d=www.toodledo.com

According to SSL Labs, it supports these two ciphers for TLS 1.2:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

According to openssl ciphers -s -V, both of these are supported by
openssl:

$ openssl ciphers -s -V | egrep '0xC0,0x(30|2F)'
          0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
          0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD

And yet I'm still unable to connect to this server through openssl
unless I downgrade the security level to 1.

You mentioned there being an SHA1 certificate in the chain, but I don't
see one. The certs all seem to be SHA256.

I cannot find any evidence that security level 2 blocks the use of
certificates with lifetimes of more than a year. Is that an undocumented
"feature" of security level 2?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1864689

Title:
  openssl in 20.04 can't connect to site that was fine in 19.10 and is
  fine in Chrome and Firefox
