Disable TLSv1.0


#1

How can I manage to disable TLSv1.0 protocol in Apache?


#2

Hi @Abdelrahman,

You should find the SSLProtocol directive in your conf file and use only the protocols you want/need.

Use this command to find the file containing the directive:

grep -ri SSLProtocol /path/to/your/apache/conf/dir/

In Debian-based distributions you should use:

grep -ri SSLProtocol /etc/apache2/

In CentOS:

grep -ri SSLProtocol /etc/httpd/

Once you know where the directive is, edit the file and you should see something like this:

SSLProtocol all -SSLv3

If you only want to use TLSv1.1 and TLSv1.2, use this (note that TLSv1 actually means TLSv1.0):

SSLProtocol all -SSLv3 -TLSv1

or

SSLProtocol TLSv1.1 TLSv1.2

Once you have changed the conf file, restart Apache to apply the changes.

Cheers,
sahsanu
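
Added example, not part of the post above: a shell check that builds on the grep step and flags every active (non-commented) SSLProtocol directive that still leaves TLSv1.0 enabled, which catches a virtual host file that was missed during the edit. The function names and the sample files are assumptions made for this example, and the token reading is a simplified heuristic that errs toward flagging rather than a copy of mod_ssl's parser.

```shell
#!/bin/sh
# Added example (not from the thread): flag active SSLProtocol directives
# that still leave TLSv1.0 enabled.

# tls10_allowed "<directive line>": status 0 if TLSv1.0 stays on.
# Simplified left-to-right reading of all / +proto / -proto tokens; bare
# protocol names are treated as additive, so it errs toward flagging.
tls10_allowed() {
    on=1
    for tok in $1; do
        case "$(printf '%s' "$tok" | tr '[:upper:]' '[:lower:]')" in
            all|+all|tlsv1|+tlsv1) on=0 ;;
            -all|-tlsv1)           on=1 ;;
        esac
    done
    return "$on"
}

# audit_sslprotocol DIR: print file:line:directive for each offending
# directive; status 1 if any was found. Lines starting with '#' are skipped.
audit_sslprotocol() {
    rc=0
    hits=$(grep -rinHE '^[[:space:]]*SSLProtocol[[:space:]]' "$1") || return 0
    while IFS= read -r hit; do
        # "${hit#*:*:}" drops the "file:lineno:" prefix added by grep
        if tls10_allowed "${hit#*:*:}"; then
            printf 'TLSv1.0 still enabled: %s\n' "$hit"
            rc=1
        fi
    done <<EOF
$hits
EOF
    return "$rc"
}

# demo: constructed sample config, one fixed vhost and one forgotten one.
demo() {
    d=$(mktemp -d)
    printf 'SSLProtocol all -SSLv3 -TLSv1\n' > "$d/site-a.conf"
    printf '#SSLProtocol all\n  SSLProtocol all -SSLv3\n' > "$d/site-b.conf"
    audit_sslprotocol "$d" && status=0 || status=1
    rm -rf "$d"
    return "$status"
}

if [ -d "${1:-}" ]; then audit_sslprotocol "$1"; else demo || true; fi
```

Pass the same directory used with grep above (for example /etc/apache2/ or /etc/httpd/); with no argument it runs on the constructed sample.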


#3

@sahsanu’s reply is excellent. You may also be interested in this page from Mozilla documenting good choices of cipher suites: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations

And this tool that can generate configurations for you: https://mozilla.github.io/server-side-tls/ssl-config-generator/