How can I manage to disable TLSv1.0 protocol in Apache?
You should find the
SSLProtocol directive in your conf file and use only the protocols you want/need.
Use this command to find the file containing the directive:
grep -ri SSLProtocol /path/to/your/apache/conf/dir/
In Debian based distributions you should use:
grep -ri SSLProtocol /etc/apache2/
grep -ri SSLProtocol /etc/httpd/
Once you know where is the directive, edit the file and you should see something like this:
SSLProtocol all -SSLv3
If you only want to use TLSv1.1 and TLSv1.2 use this (note that TLSv1 actually means TLSv1.0):
SSLProtocol all -SSLv3 -TLSv1
SSLProtocol TLSv1.1 TLSv1.2
Once you changed the conf file, restart Apache to apply the changes.
@sahsanu’s reply is excellent. You may also be interested in this page from Mozilla documenting good choices of cipher suites: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
And this tool that can generate configurations for you: https://mozilla.github.io/server-side-tls/ssl-config-generator/
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.