Ubuntu 20.04 no longer supports TLS 1.x
After upgrading Ubuntu to 20.04, connections to some servers fail with the following error:
root@wudan:~/tools/GetDailyBuild$ curl https://sso.wudan.net:8443/cas/login
curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
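This happens because Ubuntu 20.04 no longer supports TLS 1.x by default, so the client reports "unsupported protocol".
TLS 1.x was disabled mainly for security reasons, but our company intranet only supports TLS 1.x. For that case, a specific openssl configuration file can be selected on a per-program basis, as follows: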
- Create a local openssl.cnf configuration file that enables TLS 1.x, with the following contents:
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
CipherString = DEFAULT@SECLEVEL=1
- Run the xxxx program as "OPENSSL_CONF=/path/to/openssl.cnf xxxx":
root@wudan:~/tools/GetDailyBuild$ OPENSSL_CONF=openssl.cnf curl -v https://sso.wudan.net:8443/cas/login
* Trying 192.168.5.122:8443...
* TCP_NODELAY set
* Connected to sso.wudan.net (192.168.5.122) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
With the override in place the "unsupported protocol" error is gone and the handshake proceeds over TLSv1.0. The remaining error (60) is a certificate verification failure caused by the server's self-signed certificate, which is a separate issue from the protocol version.