Comment 7 for bug 1861791

Thanks for the openSSL config example! I set up a Bionic and a Focal VM, both with client and server, to test this.

Without this config, the connection does not work in any direction, i.e. the Bionic client won't connect to the Focal server (with a chat message saying "remote host closed connection") and the Focal client won't connect to the Bionic server (with a popup warning about legacy encryption).

Adding the openSSL config snippet on the Focal machine allows a connection in both directions. When using the default mumble config on both sides, TLS1.0 using suite TLS_RSA_WITH_AES_256_CBC_SHA is negotiated on the control channel.

Two Focal instances will correctly negotiate TLS1.3 using TLS_AES_256_GCM_SHA384. Bionic instances using the PPA will also successfully negotiate TLS1.3 and the same cipher but show "UnknownProtocol" in the client's server info dialog.