How to force all connections to my Apache to use TLSv1.1 or TLSv1.2?
Setting SSLCipherSuite to just the ciphers that are only supported in TLSv1.2 bypasses the Apache 2.2 limitation in parsing the TLSv1.1 string to limit TLS to versions above 1.0.
Admin
Updated on September 18, 2022
Comments
-
Admin over 1 year
I tested on Ubuntu 12.04 (apache 2.2.22-1ubuntu1.4 and openssl 1.0.1-4ubuntu5.10) and Ubuntu 13.04 (apache 2.2.22-6ubuntu5.1 and openssl 1.0.1c-4ubuntu8.1).
It is explained here how to do so, but I have the following problems:
When I try to use:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
I got the following error:
[error] No SSL protocols available [hint: SSLProtocol]
When I try to use:
SSLProtocol TLSv1.1 TLSv1.2
I got the following error:
[error] No SSL protocols available [hint: SSLProtocol]
The funny thing is that when I use:
SSLProtocol all -SSLv2 -TLSv1
Apache doesn't complain, and this test reported that my server does not support SSLv2 and TLSv1.0, but does support SSLv3, TLSv1.1 and TLSv1.2.
Any explanation for that odd behavior? Maybe the test tool is broken?
How can I enable just TLSv1.1 and TLSv1.2?
-
Braiam over 10 years
I believe you have mod_ssl activated, right?
-
Admin over 10 years
Yes, the last example works, Apache doesn't complain and...
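A client-side cross-check of what the online test reported, as an added example that is not part of the original question or comments: it attempts one handshake per TLS version with Python's ssl module and compares the accepted set with the TLSv1.1/TLSv1.2-only goal. The names `tls_handshake`, `audit` and `ALLOWED` are assumptions made for this example, and SSLv2/SSLv3 are outside what it can probe.

```python
import socket
import ssl
import sys

# Versions Python's ssl module can pin. SSLv2/SSLv3 are not offered by modern
# OpenSSL builds, so this probe cannot confirm or rule them out.
VERSIONS = {
    "TLSv1": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}
ALLOWED = {"TLSv1.1", "TLSv1.2"}  # assumed policy: the goal stated in the question


def tls_handshake(host, port, version, timeout=5.0):
    """Return True if the server completes a handshake at exactly `version`."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # only protocol support is measured,
        ctx.verify_mode = ssl.CERT_NONE  # the peer is not authenticated
        # Recent OpenSSL refuses to offer TLS 1.0/1.1 at its default security
        # level; without this the client, not the server, would reject them.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        ctx.minimum_version = ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except (OSError, ValueError):  # refused, reset, alert, unsupported locally
        return False


def audit(host, port, handshake=tls_handshake):
    """Probe every version; return (accepted names, sorted policy violations)."""
    accepted = {n for n, v in VERSIONS.items() if handshake(host, port, v)}
    violations = sorted(
        [f"{n} is accepted but not allowed" for n in accepted - ALLOWED]
        + [f"{n} is allowed but was refused" for n in ALLOWED - accepted]
    )
    return accepted, violations


if __name__ == "__main__" and len(sys.argv) > 1:
    accepted, violations = audit(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443)
    print("accepted:", sorted(accepted))
    print("\n".join(violations) or "no violations among TLSv1/TLSv1.1/TLSv1.2")
```

Run it as a script with a host name and an optional port; an unreachable server shows up as every allowed version being refused.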