Nux

Note that the error might also occur when your system has TLSv1 disabled. E.g. Ubuntu 20.x has TLSv1.0 disabled by default. For example, if you have something like this:

Apache 2.4.41 on Ubuntu 20 (proxy) --[https]--> old Apache serving TLS v1.0

SSLProxyVerify etc will not help you.

What you need to do is to enable TLS 1.0 in openssl.conf. At least until you can update the old server 🙊...

Enabling old TLS on Ubuntu

So in Ubuntu 20.04.3 LTS, to effectively enable TLSv1, change /etc/ssl/openssl.cnf. At the top of the file (before any sections) add:

# Added to enable TLS1.0
openssl_conf = default_conf

And at the very end of the file:

##
# Added to enable TLS1.0
[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=1
##

Comments are obviously not required 😉, but will help when you want to disable TLS1 again.

Once you restart / reboot everything should work fine.

Note that this is a global (system-wide) change. So it is not ideal, but it just works. See also: more notes about Ubuntu and default TLS versions.
