How can I manage to disable TLSv1.0 protocol in Apache?
Hi @Abdelrahman,
You should find the SSLProtocol directive in your conf file and use only the protocols you want/need.
Use this command to find the file containing the directive:
grep -ri SSLProtocol /path/to/your/apache/conf/dir/
In Debian based distributions you should use:
grep -ri SSLProtocol /etc/apache2/
In CentOS:
grep -ri SSLProtocol /etc/httpd/
Once you know where the directive is, edit the file and you should see something like this:
SSLProtocol all -SSLv3
If you only want to use TLSv1.1 and TLSv1.2 use this (note that TLSv1 actually means TLSv1.0):
SSLProtocol all -SSLv3 -TLSv1
or
SSLProtocol TLSv1.1 TLSv1.2
Once you have changed the conf file, restart Apache to apply the changes.
Cheers,
sahsanu
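The grep step from the reply above, extended into a check, as an added example that is not part of the original post: it lists every active SSLProtocol line under a configuration directory that still allows TLSv1.0. The function names, the constructed sample files and the token model (bare tokens treated like "+" tokens, which is not mod_ssl's own parser) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit SSLProtocol directives for TLSv1.0.

# Simplified model (an assumption, not mod_ssl's own parser): tokens are read
# left to right; "all"/"TLSv1" turn TLSv1.0 on, "-all"/"-TLSv1" turn it off,
# and a bare token is treated like a "+" token.
tls10_enabled() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | awk '
        { for (i = 1; i <= NF; i++) {
              t = $i; sub(/^\+/, "", t)
              if (t == "all" || t == "tlsv1") enabled = 1
              else if (t == "-all" || t == "-tlsv1") enabled = 0
          } }
        END { exit(enabled ? 0 : 1) }'
}

# List active (non-commented) SSLProtocol lines under directory $1 that still
# allow TLSv1.0. Returns 1 if any is found, 0 otherwise.
audit_sslprotocol() {
    found=0
    hits=$(grep -rinE '^[[:space:]]*SSLProtocol[[:space:]]' "$1") || return 0
    while IFS= read -r hit; do
        # grep -rn prints file:line:content; keep the content, drop the directive name
        args=$(printf '%s\n' "$hit" | cut -d: -f3- | awk '{ $1 = ""; print }')
        if tls10_enabled "$args"; then
            printf 'TLSv1.0 still enabled: %s\n' "$hit"
            found=1
        fi
    done <<EOF
$hits
EOF
    return "$found"
}

# Constructed sample tree: one vhost with the original line, one already edited.
make_sample_conf() {
    dir=$(mktemp -d)
    printf '<VirtualHost *:443>\n  SSLProtocol all -SSLv3\n</VirtualHost>\n' > "$dir/old-site.conf"
    printf '# SSLProtocol all\nSSLProtocol all -SSLv3 -TLSv1\n' > "$dir/new-site.conf"
    printf '%s\n' "$dir"
}

sample=$(make_sample_conf)
audit_sslprotocol "$sample" || echo "at least one directive needs editing"
rm -rf "$sample"
```

Point `audit_sslprotocol` at /etc/apache2/ or /etc/httpd/ instead of the sample directory to check a real server; every virtual host with its own SSLProtocol line is reported separately.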
@sahsanu’s reply is excellent. You may also be interested in this page from Mozilla documenting good choices of cipher suites: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
And this tool that can generate configurations for you: https://mozilla.github.io/server-side-tls/ssl-config-generator/