Enabling TLS 1.0 / 1.1 on Debian Testing
Maxim Dounin
mdounin at mdounin.ru
Thu Nov 15 18:25:48 UTC 2018
Hello!
On Thu, Nov 15, 2018 at 12:17:39PM -0500, kmansoft wrote:
> Cross posting from https://unix.stackexchange.com/questions/481963, this
> seems to be the better place to ask.
>
> ---
>
> Just updated Debian from "stable" 9.* to "testing" 10.*.
>
> Have nginx 1.14 - used to come from "stable backports" now included in
> Debian itself.
>
> Seeing a strange issue with TLS versions in nginx.
>
> TLS 1.3 is enabled, and 1.2 is too, but I can't seem to get TLS 1.0 / 1.1
> even though they're included in nginx configs.
[...]
Upgrade to nginx 1.15.3+, this problem is expected to be addressed by
this commit:
http://hg.nginx.org/nginx/rev/7ad0f4ace359
Alternatively, you can modify (and/or disable via the OPENSSL_CONF
environment variable specifically for nginx) system-wide OpenSSL
configuration file which disables protocols before TLS 1.2.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list