Enabling TLS 1.0 / 1.1 on Debian Testing

Maxim Dounin mdounin at mdounin.ru
Thu Nov 15 18:25:48 UTC 2018


Hello!

On Thu, Nov 15, 2018 at 12:17:39PM -0500, kmansoft wrote:

> Cross posting from https://unix.stackexchange.com/questions/481963, this
> seems to be the better place to ask.
> 
> ---
> 
> Just updated Debian from "stable" 9.* to "testing" 10.*.
> 
> Have nginx 1.14 - used to come from "stable backports" now included in
> Debian itself.
> 
> Seeing a strange issue with TLS versions in nginx.
> 
> TLS 1.3 is enabled, and 1.2 is too, but I can't seem to get TLS 1.0 / 1.1
> even though they're included in nginx configs.

[...]

Upgrade to nginx 1.15.3+, this problem is expected to be addressed by 
this commit:

http://hg.nginx.org/nginx/rev/7ad0f4ace359

Alternatively, you can modify (and/or disable via the OPENSSL_CONF 
environment variable specifically for nginx) system-wide OpenSSL 
configuration file which disables protocols before TLS 1.2.

-- 
Maxim Dounin
http://mdounin.ru/


More information about the nginx mailing list