Ubuntu 20.04 turns off TLSv1, TLSv1.1 by default
Closed this issue · 4 comments
Deleted user commented
The intent of the --enable-force-tls12 option (#458) was to disable TLSv1.3 by setting the maximum TLS version to 1.2, not to force both minimum and maximum TLS versions to 1.2.
Compiling with this option seems to have broken clients that only speak older TLS versions, such as Potato.
Deleted user commented
I grossly misread something, here. Ignore me.
Deleted user commented
Found the issue. There's a setting buried in a changelog for the latest Ubuntu LTS release. If the string :@SECLEVEL=1 isn't found at the end of the ssl_cipher_preference_list tuneable, TLSv1 and TLSv1.1 will be disabled even if every other config option allows it. Might be a good idea to add that to the default tuneable string.