Let's see here, the following RedHat article shows how you can display what the requirements are for each crypto policy using gnutls-utils and httpd/ Here we are interested in what the requirement are when you execute update-crypto-policies --set LEGACY Follow the server recipe in the article using alma 9. Then we can see where EL7 is diverging from what alma 9 wants. See: https://access.redhat.com/articles/3666211 According to RH, LEGACY should ensures maximum compatibility with Red Hat Enterprise Linux 5 and earlier; it is less secure due to an increased attack surface. In addition to the DEFAULT level algorithms and protocols, it includes support for the TLS 1.0 and 1.1 protocols. The algorithms DSA, 3DES, and RC4 are allowed, while RSA keys and Diffie-Hellman parameters are accepted if they are at least 1023 bits long. This may not be the case in Alma 9 so let's find out. Andy On Wed, 31 May 2023, Adrian Sevcenco wrote: > @bbockelm yeah, i did not get it but make sense. so i did as you suggested, rebooted the machine and the error is the same. for reference the overall current policy looks like this: https://asevcenc.web.cern.ch/asevcenc/eos_config_auger/new_pol > > -- > Reply to this email directly or view it on GitHub: > https://github.com/xrootd/xrootd/issues/2014#issuecomment-1570951631 > You are receiving this because you were mentioned. > > Message ID: ***@***.***> -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/2014#issuecomment-1571019038 You are receiving this because you are subscribed to this thread. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1