>> You can override this via command-line, a system config file, or a local config file + environment variable pointing to it.
Some hints as to how to achieve that "local config file + environment variable" would be extremely useful.
I've tried it and got nowhere, although I know that setting SECLEVEL=1 would fix my immediate problem, as I can set it on a command line for openssl s_client.
Forcing a minimum SECLEVEL of 2 by default is fine, but there has to be some-way of letting users reduce this when they are talking to external services, or providing services for external clients that cannot, for some reason,change at the moment.
>> You can override this via command-line, a system config file, or a local config file + environment variable pointing to it.
Some hints as to how to achieve that "local config file + environment variable" would be extremely useful.
I've tried it and got nowhere, although I know that setting SECLEVEL=1 would fix my immediate problem, as I can set it on a command line for openssl s_client.
See: https:/ /bugs.launchpad .net/ubuntu/ +source/ openssl/ +bug/1878519
Forcing a minimum SECLEVEL of 2 by default is fine, but there has to be some-way of letting users reduce this when they are talking to external services, or providing services for external clients that cannot, for some reason,change at the moment.