Description of problem:
I am not able to connect to e.g. rc4.badssl.com even if I set LEGACY profile in crypto-policies.

Version-Release number of selected component (if applicable):
# rpm -q openssl crypto-policies
openssl-1.1.0e-1.fc26.x86_64
crypto-policies-20170214-2.gitf3018dd.fc26.noarch

How reproducible:
always

Steps to Reproduce:
1. update-crypto-policies --set LEGACY
2. openssl s_client -connect rc4.badssl.com:443 -servername rc4.badssl.com -cipher 'PROFILE=SYSTEM'

Actual results:
Setting system policy to LEGACY
CONNECTED(00000003)
140264570758912:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1385:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 267 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    Start Time: 1490813499
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

Expected results:
Connection is negotiated.

RC4 is completely disabled with OpenSSL-1.1.0 along with other weak cipher suites. I do not think we want to change this.