just to confirm Ubuntu 16.04 - openssl 1.1.1 yes I can restrict TLS to 1.2
Rgds alex
On Thu, 28 Nov 2019 at 13:03, Alex Sharaz alex.sharaz@york.ac.uk wrote:
Cool! many thanks
On Thu, 28 Nov 2019 at 12:23, Fabian Mauchle fabian.mauchle@switch.ch wrote:
On 28.11.19, 13:00, "radsecproxy on behalf of Alex Sharaz" < radsecproxy-bounces@lists.nordu.net on behalf of alex.sharaz@york.ac.uk> wrote:
Having a senior moment, how do you specify tls 1.2 in openssl.cfg ?Without having tested it, my latest Debian stable (buster) has in /etc/ssl/openssl.cnf:
[system_default_sect] MinProtocol = TLSv1.2
According to the openssl source code, there is also a 'MaxProtocol' option.
BR, Fabian
-- SWITCH Fabian Mauchle, Network Engineer Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland Phone +41 44 268 15 30, direct +41 44 268 15 39 fabian.mauchle@switch.ch, http://www.switch.ch