How to turn off TLS 1.0/1.1 in Amazon Lightsail


Greetings LE Community! I noticed that Qualsys’s SSL Labs is going to be capping their SSL grades at a ‘B’ for websites that still have TLS 1.0 and 1.2 on. I am trying to figure out if turning this off is done at the server level or the certificate level.

Any help would be greatly appreciated by myself or others that are going to run into this starting in January 2020.


Those could be either at the server level or at per virtual host level.

You could turn off TLS V1.0 and 1.1 by modify your Nginx (ssl_protocols) or Apache(SSLProtocol) conf.

Thank you


FYI, if you’ve used Mozilla’s SSL configuration generator, they updated it recently, and now the default “modern” and “intermediate” configurations both disable TLS 1.0 and 1.1.

(They also changed the URL recently!)

1 Like

Thank you gentlemen. You both pointed me in the right direction. After changing these in the appropriate Apache config files and not working, I realized I had brain-faded and needed to change then in the Bitnami config files.

Cleared the SSL Labs cache and ran it again. Voila! It shows only running TLSv1.2. As always this community rocks and is the reason why I donate $ every year.


1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.