Warning
Following these instructions will make your system less secure and potentially open it to known issues and vulnerabilities.
Only do this if you're sure you need it.
By default, TLSv1.0 and TLSv1.1 are, for good reasons, disabled on RHEL 9. However, when there is a legacy client that does not support TLSv1.2, this is a problem.
Just adding ssl_protocols TLSv1 TLSv1.1 TLSv1.2; to the nginx configuration is not enough on RHEL 9. It's still not possible to get a TLSv1.1 or below handshake to go through.
After some digging around on the internet I found the following resources:
Combining these two sources, I found that setting the system crypto policy to LEGACY
And adding @SECLEVEL=0 to the ssl_ciphers in the nginx configuration
This solved my problem!
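An added example, not part of the original post: a small shell audit that reports whether the three settings described above (LEGACY crypto policy, a pre-TLSv1.2 entry in ssl_protocols, and @SECLEVEL=0 in ssl_ciphers) are all in place, which helps both to confirm the change and to find hosts where it should later be reverted. The function names are hypothetical and the sample inputs, including the cipher string, are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Only the file passed in is inspected; nginx "include" files are not followed.

# Emit one finding per line for the nginx config file given as $1.
audit_nginx_tls() (
    sed 's/#.*//' "$1" | awk '
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p == "TLSv1" || p == "TLSv1.1") print "legacy-protocol:" p
            }
        }
        $1 == "ssl_ciphers" && /@SECLEVEL=0/ { print "seclevel-0" }'
)

# Print the policy name stored in a crypto-policies config file
# (on RHEL 9 this is /etc/crypto-policies/config).
policy_name() (
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" | head -n 1 | tr -d '[:space:]'
)

# Succeed only when the policy is LEGACY and nginx has both a pre-1.2 protocol
# and @SECLEVEL=0; per the post, ssl_protocols alone is not enough.
tls_downgrade_effective() (
    findings=$(audit_nginx_tls "$1")
    case "$(policy_name "$2")" in LEGACY|LEGACY:*) ;; *) exit 1 ;; esac
    printf '%s\n' "$findings" | grep -q '^legacy-protocol:' &&
        printf '%s\n' "$findings" | grep -q '^seclevel-0$'
)

# Constructed sample input, written to a temp dir so the script runs offline.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/nginx.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # as in the post
    ssl_ciphers DEFAULT:@SECLEVEL=0;       # cipher list is constructed
}
EOF
echo "LEGACY" > "$SAMPLE_DIR/policy"
echo "DEFAULT" > "$SAMPLE_DIR/policy_default"

audit_nginx_tls "$SAMPLE_DIR/nginx.conf"
tls_downgrade_effective "$SAMPLE_DIR/nginx.conf" "$SAMPLE_DIR/policy" &&
    echo "legacy TLS handshakes are enabled by this configuration"
```

On a real host, pass the nginx configuration path and /etc/crypto-policies/config as the two arguments; `update-crypto-policies --show` prints the same policy name.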