Re: [Evolution] evolution 3.36 disabled TLS1.0 and TLS 1.1 and workaround

From: Milan Crha <mcrha redhat com>
To: evolution-list gnome org
Subject: Re: [Evolution] evolution 3.36 disabled TLS1.0 and TLS 1.1 and workaround
Date: Tue, 07 Apr 2020 19:06:07 +0200

On Tue, 2020-04-07 at 18:43 +0200, Dario Lesca wrote:

Someone have some suggest how to change this file ?


        Hi,
I thought the file content is more or less self-explanatory. The
comments there tell you what the format of the file is, what values are
known and what to do (from top to bottom).

Short version:
a) change the not-commented DEFAULT (at the end of the file) to LEGACY
b) run as root: update-crypto-policies

And that's all. From the file, as I see here:

# * LEGACY: Ensures maximum compatibility with legacy systems (64-bit
#   security).

The 'legacy' means 'old' servers here (from my point of view).

I was not aware of the environment variable you found. Thinking of it,
an alternative might be to add:

   export G_TLS_GNUTLS_PRIORITY="NORMAL:%COMPAT:+VERS-TLS1.0"

into ~/.bashrc (or /etc/environment, without the 'export') or some such
file, but that will work only for glib applications and only if
glib-networking uses GnuTLS backend, not the Open SSL backend.

The editing of /etc/crypto-policies/config is supposed to configure all
at once.
        Bye,
        Milan

Follow-Ups:
- Re: [Evolution] evolution 3.36 disabled TLS1.0 and TLS 1.1 and workaround
  - From: Dario Lesca

References:
- [Evolution] evolution 3.36 disabled TLS1.0 and TLS 1.1 and workaround
  - From: Dario Lesca
- Re: [Evolution] evolution 3.36 disabled TLS1.0 and TLS 1.1 and workaround
  - From: Milan Crha
- Re: [Evolution] evolution 3.36 disabled TLS1.0 and TLS 1.1 and workaround
  - From: Dario Lesca

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]