How to enable TLS SHA-1 Server Signatures on Photon OS 5

[vahric]

Describe the bug

VMware Cloud Director has an issue (10.5.1) about TLS SHA-1 Server Signatures .....
Right now from chrome or browser need to enable TLS SHA-1 Server Signatures (because default its disabled)
Because of that also on Photon OS 5 my HAProxy could not establish ssl
On Photon os how to configure openssl for allow TLS SHA-1 Server Signatures ?

Reproduction steps

1.curl -v https://vcdnanem:443
2.
3.
...

Expected behavior

when try to cpnnect you can see that connection is not est ....

Additional context

No response

[dcasota]

Hi,

Can you clarify the bug, please?

TLS 1.0 is disabled, yes. On Ph5 you can enable it by modifying /etc/gnutls/default-priorities. Simply replace the !sign with a + : SYSTEM=NONE:!VERS-SSL3.0:+VERS-TLS1.0:+VERS-TLS1.1:+VERS-TLS1.2:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL
You can check the protocols and MACs by gnutls-cli --priority @SYSTEM -l.
See https://vmware.github.io/photon/assets/files/html/3.0/photon_admin/disabling-tls-1.0.html.

For VMware Cloud Director, see https://kb.vmware.com/s/article/88929 and https://docs.vmware.com/en/VMware-Cloud-Director/10.5/VMware-Cloud-Director-Install-Configure-Upgrade-Guide/GUID-B63373E4-9470-4923-B93D-692972A7D419.html