IMB

Asked: 2018-08-27 12:43:59 +0800 CST2018-08-27 12:43:59 +0800 CST 2018-08-27 12:43:59 +0800 CST

How to disable TLSv1 in Apache 2.4 (Debian 8)?

772

I have this line in /etc/apache2/mods-enabled/ssl.conf

SSLProtocol -all +TLSv1.2

However SSL checker whynopadlock still shows this:

Any ideas on how to completely disable TLSv1 in Apache 2.4 (Debian 8) ?

1 Answers

Voted

Michael Hampton
2018-08-27T12:47:34+08:002018-08-27T12:47:34+08:00
With Apache I always specify them in reverse, i.e. disabling the unwanted protocols. This follows the documentation's examples.

SSLProtocol all -SSLv3 -TLSv1
0

Web Analytics Made Easy - Statcounter