Does Apache 2.2.3 support TLSv1.1 and TLSv1.2?
As of right now, CentOS 5.11 (Latest Stable) does not support TLSv1.1 or TLSv1.2.
I am using a CentOS 5.11 dev machine with the following settings to mitigate any BEAST Attacks and such:
[dev@host ~]# cat /etc/redhat-release
CentOS release 5.11 (Final)
[dev@host ~]# yum list installed | grep httpd
httpd.x86_64 2.2.3-91.el5.centos
[dev@host ~]# yum list installed | grep openssl
openssl.x86_64 0.9.8e-32.el5_11
[dev@host ~]# cat /etc/httpd/conf.d/ssl.conf | grep SSLProtocol
SSLProtocol +TLSv1
[dev@host ~]# cat /etc/httpd/conf.d/ssl.conf | grep SSLCipherSuite
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
Make sure to add this for Cipher in the same ssl.conf:
SSLHonorCipherOrder on
The only way to remove TLSv1 and add the TLSv1.1 or TLSv1.2 SSL protocols is to upgrade to CentOS 6. Be careful: if you do enable TLSv1.1 and TLSv1.2 and remove TLSv1 on a CentOS 6 machine, old browsers or even 3rd-party apps may not support it. Test it first, of course.
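For the "how can I find out" part of the question, the sketch below is an added example, not part of the original answer: it checks an OpenSSL version string against 1.0.1, the upstream release that introduced TLSv1.1 and TLSv1.2, and probes a server you administer with `openssl s_client`. The function names are hypothetical, and the check assumes upstream version numbering for the OpenSSL library that mod_ssl is linked against.

```shell
#!/bin/bash
# Added example (not from the original answer).
# Assumption: TLSv1.1/TLSv1.2 first appeared in upstream OpenSSL 1.0.1.

# Extract "major.minor.patch" from strings such as
#   "0.9.8e-32.el5_11"                 (yum/rpm package version)
#   "OpenSSL 1.0.1e-fips 11 Feb 2013"  (output of `openssl version`)
openssl_numeric_version() {
    printf '%s\n' "$1" |
        sed -n 's/^\(OpenSSL \)\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\2/p'
}

# Return 0 if the version is >= 1.0.1, 1 if older, 2 if it cannot be parsed.
openssl_supports_tls12() {
    local v major minor patch
    v=$(openssl_numeric_version "$1")
    [ -n "$v" ] || return 2
    IFS=. read -r major minor patch <<EOF
$v
EOF
    [ "$major" -gt 1 ] && return 0
    [ "$major" -lt 1 ] && return 1
    [ "$minor" -gt 0 ] && return 0
    [ "$patch" -ge 1 ] && return 0
    return 1
}

# Live check against your own server: one handshake attempt per protocol.
# The -tls1_1 and -tls1_2 flags need a local openssl client of 1.0.1 or later.
probe_tls_versions() {  # usage: probe_tls_versions host:port
    local flag
    for flag in tls1 tls1_1 tls1_2; do
        if openssl s_client -"$flag" -connect "$1" </dev/null >/dev/null 2>&1; then
            echo "$flag: accepted"
        else
            echo "$flag: refused, or not supported by the local openssl client"
        fi
    done
}

# Version string taken from the yum output shown on this page.
if openssl_supports_tls12 "0.9.8e-32.el5_11"; then
    echo "0.9.8e-32.el5_11: library can offer TLSv1.1/TLSv1.2"
else
    echo "0.9.8e-32.el5_11: library predates TLSv1.1/TLSv1.2"
fi
```

Run `probe_tls_versions yourhost:443` from a machine with a newer openssl client, since the 0.9.8e client on CentOS 5 cannot speak the newer protocols itself.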
Author: user3299199
Updated on September 18, 2022
Comments
user3299199 over 1 year
How can I find out if Apache 2.2.3 supports TLSv1.1 and TLSv1.2?
If possible, how can I implement it?