From 75ef867717e19df0a39df2f8024d610965be25a1 Mon Sep 17 00:00:00 2001
From: Matthias Hoste
Date: Fri, 2 May 2025 17:16:25 +0200
Subject: [PATCH] Enable TLS1
---
 .../etc/nginx/conf.d/include/ssl-ciphers.conf | 6 +++---
 docker/rootfs/etc/openssl.cnf | 13 +++++++++++++
 2 files changed, 16 insertions(+), 3 deletions(-)
 create mode 100644 docker/rootfs/etc/openssl.cnf
diff --git a/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf b/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf
index b5dacfb57..2015a8c5e 100644
--- a/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf
+++ b/docker/rootfs/etc/nginx/conf.d/include/ssl-ciphers.conf
@@ -1,4 +1,4 @@
 # intermediate configuration. tweak to your needs.
-ssl_protocols TLSv1.2 TLSv1.3;
-ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
-ssl_prefer_server_ciphers off;
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+#ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
+#ssl_prefer_server_ciphers off;
diff --git a/docker/rootfs/etc/openssl.cnf b/docker/rootfs/etc/openssl.cnf
new file mode 100644
index 000000000..40e82c8a8
--- /dev/null
+++ b/docker/rootfs/etc/openssl.cnf
@@ -0,0 +1,13 @@
+openssl_conf = default_conf
+
+[default_conf]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+# allow everything down to TLS 1.0
+MinProtocol = TLSv1
+# disable the security level checks so even RC4 / old ciphers work
+CipherString = DEFAULT:@SECLEVEL=0
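Review bot: In `ssl-ciphers.conf`, the added `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` sits in a shared include, so every server block that pulls this file in would presumably start offering the deprecated TLS 1.0/1.1 (RFC 8996), not only the host that needs legacy clients. Commenting out `ssl_ciphers` also drops the AEAD/forward-secret allowlist for TLS 1.2 clients and falls back to nginx's built-in default list. I would keep an explicit list with the existing suites first, followed by only the legacy suites actually required, and set `ssl_prefer_server_ciphers on;` so capable clients still land on the strong suites. The header comment `# intermediate configuration. tweak to your needs.` no longer describes the file; something like `# legacy configuration: TLS 1.0/1.1 enabled for old clients, weaker than the intermediate profile.` would be accurate.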
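Review bot: In the new `docker/rootfs/etc/openssl.cnf`, `[system_default_sect]` is a process-wide default, so `MinProtocol = TLSv1` and `CipherString = DEFAULT:@SECLEVEL=0` would apply to every OpenSSL consumer in the image that loads this file, presumably including outbound TLS clients and not just the nginx listeners. Level 0 also switches off the minimum key-size and signature-digest checks on certificates, which is broader than the comment's "RC4 / old ciphers" suggests. I would use the lowest level that still lets the required clients connect, e.g. `CipherString = DEFAULT:@SECLEVEL=1` if the image's OpenSSL build accepts TLS 1.0 at that level, and extend the comment with `# also relaxes certificate key-size/digest checks for all OpenSSL users in this container`. Nothing in this commit shows `/etc/openssl.cnf` being selected (via `OPENSSL_CONF` or the build's OPENSSLDIR), so it is worth confirming the file is actually read.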