在Ubuntu 20.04上启用TLS 1.0和TLS 1.1

我最近将服务器重新安装到Ubuntu 20.04。

A support call came in and after a few days, I managed to notice that TLS v1.0 and v1.1 were not being provided by my web server, nginx. The configuration was fine and explicitly enables TLSv1 and TLSv1.1. Nothing appeared in nginx's logs…

稍后,我注意到TLS 1.0或1.1似乎不再起作用。

openssl s_client -tls1 -connect matrix.org:443 doesn't work (it fails with no protocols available), whereas it does under Ubuntu 18.04.

Someone else at this question is no longer able to connect to their MySQL server that doesn't support TLS v1.2.

我开始怀疑这可能是对Ubuntu的有意更改,但是我在发行说明中找不到任何内容,而且我也找不到如何重新启用TLS v1.0和v1.1的方法,因为我真的需要它来支持某些老用户的设备(主要是Android手机)。

如何重新启用TLS v1.0和/或v1.1?

非常感谢。

I tried modifying /etc/ssl/openssl.cnf (which is symlinked to by /usr/lib/ssl/openssl.cnf) to add

openssl_conf = default_conf

[ default_conf ]
ssl_conf = ssl_sect

[ ssl_sect ]
system_default = system_default_sect

[ system_default_sect ]
MinProtocol = TLSv1
DEFAULT@SECLEVEL = 1

This did not result in any difference when using the openssl command shown before (I tried both 'TLSv1' and 'TLSv1.0' as the MinProtocol).

评论