Enable TLS 1.0 and TLS 1.1 on Ubuntu 20.04

Solution 1:

I finally found out how to enable it for nginx (afraid I don't know how to do it system-wide) and for other services with a configuration that allows changing ciphers.

Source: man ciphers.1ssl

Edit your nginx configuration and amend your cipherlist to add the pseudocipher @SECLEVEL=1.

Example:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

becomes

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
# seclevel for TLS 1.0 and 1.1
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:@SECLEVEL=1";
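
A configuration check for the change described in Solution 1, as an added example that is not part of the original answer: it reports whether an nginx config both lists TLSv1/TLSv1.1 and lowers the OpenSSL security level enough for them to be negotiated. The function names, the flat single-context parsing, and the default level of 2 are assumptions of this example.

```python
import re

LEGACY = {"TLSv1", "TLSv1.1"}

# Constructed sample configs mirroring the "before" and "after" in the answer.
BEFORE = '''
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
'''
AFTER = '''
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
# seclevel for TLS 1.0 and 1.1
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:@SECLEVEL=1";
'''

def directives(conf):
    """Yield (name, args) for ssl_protocols / ssl_ciphers, ignoring comments."""
    text = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"\b(ssl_protocols|ssl_ciphers)\s+([^;]+);", text):
        yield m.group(1), m.group(2).strip().strip("\"'")

def audit(conf, default_seclevel=2):
    """Report legacy protocols listed and whether the cipher string permits them.

    default_seclevel=2 is an assumption about the platform default; the config
    is treated as one flat context, so a later directive overrides an earlier one.
    """
    listed, seclevel = set(), default_seclevel
    for name, args in directives(conf):
        if name == "ssl_protocols":
            listed = set(args.split()) & LEGACY
        else:
            seclevel = default_seclevel
            # Keep the last @SECLEVEL=n pseudocipher seen in the cipher string.
            for item in re.split(r"[:, ]+", args):
                m = re.fullmatch(r"@SECLEVEL=(\d)", item)
                if m:
                    seclevel = int(m.group(1))
    return {
        "legacy_listed": sorted(listed),
        "seclevel": seclevel,
        # Listing TLSv1/TLSv1.1 only takes effect once the level is 1 or lower.
        "legacy_effective": bool(listed) and seclevel <= 1,
    }

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(conf))
```

Run against a real site config, `legacy_effective: True` marks a listener where TLS 1.0 and 1.1 are reachable, which is worth tracking so the exception can be removed once the old clients are gone.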

Solution 2:

For GnuTLS, as explained in

https://discourse.ubuntu.com/t/default-to-tls-v1-2-in-all-tls-libraries-in-20-04-lts/12464/8

create /etc/gnutls/config (both the directory and the file were missing) with the following content:

[overrides]
default-priority-string = NORMAL

This was enough to fix the following error in evolution (due to a pop3 server lacking TLS-1.2 support):

A packet with illegal or unsupported version was received

There were other instructions in this link for a system-wide OpenSSL "fix", not tested.