I have recently reinstalled my server to Ubuntu 20.04.
A support call came in and after a few days, I managed to notice that TLS v1.0 and v1.1 were not being provided by my web server,
nginx. The configuration was fine and explicitly enables TLSv1 and TLSv1.1. Nothing appeared in nginx's logs…
Later on, I notice that nothing seems to work with TLS 1.0 or 1.1 anymore.
openssl s_client -tls1 -connect matrix.org:443 doesn't work (it fails with
no protocols available), whereas it does under Ubuntu 18.04.
Someone else at this question is no longer able to connect to their MySQL server that doesn't support TLS v1.2.
I am starting to suspect that this may be an intentional change to Ubuntu, but I can't find anything in the release notes and I also can't find out how to re-enable TLS v1.0 and v1.1 since I really need it to support some older users' devices (mainly Android phones).
How can TLS v1.0 and/or v1.1 be re-enabled?
I tried modifying
/etc/ssl/openssl.cnf (which is symlinked to by
/usr/lib/ssl/openssl.cnf) to add
openssl_conf = default_conf [ default_conf ] ssl_conf = ssl_sect [ ssl_sect ] system_default = system_default_sect [ system_default_sect ] MinProtocol = TLSv1 DEFAULT@SECLEVEL = 1
This did not result in any difference when using the
openssl command shown before (I tried both 'TLSv1' and 'TLSv1.0' as the MinProtocol).