How do I configure to get TLSv1.0 in openssl 3.x

[luffysamk]

I'm trying to connect to SQL Server 2008R2(TLS1.0) with aspnet 8 docker(mcr.microsoft.com/dotnet/aspnet:8.0), but got expcetion A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL Provider, error: 31 - Encryption(ssl/tls) handshake failed)

but it is working on mcr.microsoft.com/dotnet/aspnet:7.0. Just add
RUN /bin/sh -c sed -i 's/TLSv1.2/TLSv1/g' /etc/ssl/openssl.cnf

I've read the file openssl.cnf，try the new version cfg setting, but not worked:

[openssl_init]
ssl_conf = ssl_configuration

[ssl_configuration]
system_default = tls_system_default

[tls_system_default]
MinProtocol = TLSv1.0

How do I configure to get results? Thanks

[mattcaswell]

I assume your config file has the line openssl_conf = openssl_init near the top somewhere? That is necessary for it to work.

Additionally, the SHA1 algorithm is not allowed in the default OpenSSL security level because it is considered insecure. TLSv1.1 and below require the use of SHA1 so to use those protocol versions you need to reduce the default security level.

openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_configuration

[ssl_configuration]
system_default = tls_system_default

[tls_system_default]
MinProtocol = TLSv1.0
CipherString = DEFAULT@SECLEVEL=0

[luffysamk]

Thank you very much!!!!Just need a little change,
I tried CipherString = DEFAULT@SECLEVEL=1 , but I didn't realize I needed to change the security level to zero
Now configure the correct answer below

[openssl_init]
ssl_conf = ssl_configuration

[ssl_configuration]
system_default = tls_system_default

[tls_system_default]
MinProtocol = TLSv1
CipherString = DEFAULT@SECLEVEL=0