Customer is using OpenSSL + HTTP/2 on Windows. I have tested on Win2012 and RHEL 7 following [1]. I noticed that if the SSL protocol is set to "openssl.TLSv1":
<security-realm name="CertificateRealm">
<server-identities>
<ssl protocol="openssl.TLSv1">
then the site stopped working. All the keystores and truststores are fine, as the site works when it is openssl.TLSv1.2. But if I include enabled-protocols="TLSv1" in the https-listener configuration:
<https-listener name="https" socket-binding="https" security-realm="CertificateRealm" enable-http2="true" enabled-protocols="TLSv1" />
it works. The downside is that when I add more to the list, it stops working, for example enabled-protocols="TLSv1, TLSv1.1".
Also, if I don't use OpenSSL, then the site works for all browsers, i.e.
<ssl protocol="TLSv1">
Is related to: WFCORE-4737 CVE-2019-14887 The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (Closed)