@jgunthorpe, what if you do something like this, where you create an OPENSSL_CONF that explicitly (re)enables unsafe legacy negotiation? Instead of using /dev/null.
``` $ cat > /tmp/openssl.conf <<EOF _openssl_conf = openssl_init [openssl_init] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect [system_default_sect] Options = UnsafeLegacyRenegotiation_ EOF
$ OPENSSL_CONF=/tmp/openssl.conf curl <usual options> ```
That comes from https://github.com/dlenski/gp-saml-gui/issues/42
@jgunthorpe, what if you do something like this, where you create an OPENSSL_CONF that explicitly (re)enables unsafe legacy negotiation? Instead of using /dev/null.
``` default_ sect] egotiation_
$ cat > /tmp/openssl.conf <<EOF
_openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_
Options = UnsafeLegacyRen
EOF
$ OPENSSL_ CONF=/tmp/ openssl. conf curl <usual options>
```
That comes from https:/ /github. com/dlenski/ gp-saml- gui/issues/ 42