{"id":192,"date":"2022-05-19T16:03:15","date_gmt":"2022-05-19T16:03:15","guid":{"rendered":"https:\/\/pipeawk.com\/?p=192"},"modified":"2022-05-19T16:03:15","modified_gmt":"2022-05-19T16:03:15","slug":"openssl-enable-legacy-renegotiation","status":"publish","type":"post","link":"https:\/\/pipeawk.com\/index.php\/2022\/05\/19\/openssl-enable-legacy-renegotiation\/","title":{"rendered":"Openssl Enable Legacy Renegotiation"},"content":{"rendered":"\r\n<p>If you see an error specifying something similar to &#8220;<strong>unsafe legacy renegotiation disabled<\/strong>&#8221; when attempting a secure <strong>TSL\/SSL<\/strong> connection. I have the solution for you. I decided to write this post because searching the Internet did not find any solutions, so I had to roll my sleeves up, and use the old school approach. To actually understand and troubleshoot the problem.<\/p>\r\n<p>If you get this error, <!--more-->your openssl binaries are compiled with legacy renegotiation disabled by default. This disables any non TLS 1.3 libraries and certificates renegotiation to a lower standard. I received this error when using Ubuntu 22.04. You may receive this error only on newer Linux distribution.<\/p>\r\n<p>In order to get around this problem, while the rest of the world goes to TLS 1.3, simply follow the steps below to update the file <strong>\/etc\/ssl\/openssl.cnf<\/strong>. The location of the file might be different in your system. Should you have issues finding the file, open a terminal window and type the command &#8220;<strong>openssl version -a<\/strong>&#8220;. This command lists the version and the directory used by openssl, in there, in the etc folder, you will find the file openssl.cnf.<\/p>\r\n<p>Now use the editor of your choice to modify the file, you will probably need to edit as root via logging in as root, or issuing the sudo command.<\/p>\r\n<p>At the very beginning of the file, insert the following config:<\/p>\r\n<blockquote>\r\n<p><strong>openssl_conf = openssl_init<\/strong><\/p>\r\n<\/blockquote>\r\n<p>At the end of the file, insert the following config:<\/p>\r\n<blockquote>\r\n<p><strong>[openssl_init]<\/strong><br \/><strong>ssl_conf = ssl_sect<\/strong><br \/><br \/><strong>[ssl_sect]<\/strong><br \/><strong>system_default = system_default_sect<\/strong><br \/><br \/><strong>[system_default_sect]<\/strong><br \/><strong>MinProtocol = TLSv1.2<\/strong><br \/><strong>CipherString = DEFAULT@SECLEVEL=1<\/strong><br \/><strong>Options = UnsafeLegacyRenegotiation<\/strong><\/p>\r\n<\/blockquote>\r\n<p>And the error should be gone. Enjoy and type away!<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>If you see an error specifying something similar to &#8220;unsafe legacy renegotiation disabled&#8221; when attempting a secure TSL\/SSL connection. I have the solution for you. I decided to write this post because searching the Internet did not find any solutions, so I had to roll my sleeves up, and use the old school approach. To &hellip; <a href=\"https:\/\/pipeawk.com\/index.php\/2022\/05\/19\/openssl-enable-legacy-renegotiation\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Openssl Enable Legacy Renegotiation&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-192","post","type-post","status-publish","format-standard","hentry","category-unix"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pipeawk.com\/index.php\/wp-json\/wp\/v2\/posts\/192","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pipeawk.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pipeawk.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pipeawk.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pipeawk.com\/index.php\/wp-json\/wp\/v2\/comments?post=192"}],"version-history":[{"count":5,"href":"https:\/\/pipeawk.com\/index.php\/wp-json\/wp\/v2\/posts\/192\/revisions"}],"predecessor-version":[{"id":198,"href":"https:\/\/pipeawk.com\/index.php\/wp-json\/wp\/v2\/posts\/192\/revisions\/198"}],"wp:attachment":[{"href":"https:\/\/pipeawk.com\/index.php\/wp-json\/wp\/v2\/media?parent=192"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pipeawk.com\/index.php\/wp-json\/wp\/v2\/categories?post=192"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pipeawk.com\/index.php\/wp-json\/wp\/v2\/tags?post=192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}