| 12 | |
| 13 | > [ system_default_sect ] didn't exist yet in openssl.cnf so I created a new section with this name |
| 14 | |
| 15 | That's unlikely to work -- section names in OpenSSL config are arbitrary strings --- they get their meaning through definitions that point to the section-name. In this case you want to set certain properties in SSL_CTX which is controlled by the `system_default` variable. So you will at least need `ssl_conf` and `system_default` defined. For example, here is a relevant snippet from an openssl.cnf file: |
| 16 | |
| 17 | {{{ |
| 18 | openssl_conf = default_conf |
| 19 | |
| 20 | [default_conf] |
| 21 | ssl_conf = ssl_sect |
| 22 | |
| 23 | [ssl_sect] |
| 24 | system_default = system_default_sect |
| 25 | |
| 26 | [system_default_sect] |
| 27 | MinProtocol = TLSv1.1 |
| 28 | SignatureAlgorithms = RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA1:ECDSA+SHA1 |
| 29 | }}} |
| 30 | |
| 31 | Also see the OpenSSL manual for config files --- especially the use of the `system_default` variable. |
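A way to check the point made in this comment, as an added example that is not part of the original comment or of OpenSSL: it follows the `openssl_conf` -> `ssl_conf` -> `system_default` chain and reports where it breaks. The function names and both sample configs are constructed for illustration, and the parser is a deliberately minimal one that assumes plain `name = value` lines.

```python
import re

# Constructed sample: the section exists, but nothing points to it.
ORPHANED = """
[ system_default_sect ]
MinProtocol = TLSv1.1
"""

# Constructed sample: the same chain as the snippet in the comment above.
LINKED = """
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.1
"""

def parse(text):
    """Minimal parser: sections and name = value pairs only
    (no $var expansion, .include or line continuations)."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        header = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            name, value = line.split("=", 1)
            sections[current][name.strip()] = value.strip()
    return sections

def system_default_settings(text):
    """Follow openssl_conf -> ssl_conf -> system_default.
    Returns (settings, None) on success or (None, reason) on a broken link."""
    sections = parse(text)
    section = "default"  # names before any [header] live in the default section
    for key in ("openssl_conf", "ssl_conf", "system_default"):
        target = sections[section].get(key)
        if target is None:
            return None, f"'{key}' is not set in [{section}]"
        if target not in sections:
            return None, f"'{key}' points to missing section [{target}]"
        section = target
    return sections[section], None
```

For `ORPHANED` the check stops at the first link, which is the situation described in the quoted text: the section is present but unreachable, so its `MinProtocol` line is never applied.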