How can I use docker without sudo?

Question

Eranga Kapukotuwa

Asked: 2019-02-12 01:22:43 +0800 CST2019-02-12 01:22:43 +0800 CST 2019-02-12 01:22:43 +0800 CST

How to disable TLS 1.0, TLS 1.1 on Apache

772

I have enabled TLS 1.2 in my web server. But the http://ssllabs.com indicates that, I have enabled TLS 1.0 and 1.1 versions along with the TLS1.2 in my server. I modified my configurations files to disable 1.0 and 1.1 from my server. But it doesn't help.

/etc/apache2/mods-enabled/ssl.conf

SSLCipherSuite HIGH:!SSLv3:!kRSA:!kECDH:!ADH:!DSS
SSLHonorCipherOrder on
SSLProtocol -all +TLSv1.2

I have multiple virtual hosts in my Apache server. In each file, I have the following configuration.

SSLEngine On
SSLProtocol -all +TLSv1.2
SSLCertificateFile /etc/ssl/certs/certfile.pem
SSLCertificateKeyFile /etc/ssl/private/certfile.pem

5 Answers

Voted

bernieDog · Answer 1 · 2019-04-22T04:06:47+08:00

bernieDog

2019-04-22T04:06:47+08:002019-04-22T04:06:47+08:00

Look in the /etc/letsencrypt/ folder for a configuration file. Let's Encrypt adds an entry in the sites-enabled/-le-ssl.conf file:

Include /etc/letsencrypt/options-ssl-apache.conf

You will need to update the SSLProtocol & SSLCipherSuite directives in that file too.

10

ShapCyber · Answer 2 · 2020-07-27T04:06:44+08:00

Letsencrypt by default will write this in /etc/letsencrypt/options-ssl-apache.conf . Check to make sure is included in your server configuration.

SSLEngine on    
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>

Open this file and edit as below.

SSLEngine on

#we comment out whatever Letsencrypt give here
#SSLProtocol             all -SSLv2 -SSLv3
#We disabled TLS 1.0/1.1 and SSL 2.0/3.0 here
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 

#Comment out whatever Letsencrypt give by default for SSLCipherSuite
#SSLCipherSuite    ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305 .....

#Add this line instead of what Letsencrypt added as SSLCipherSuite
#This is to ensure the use of SSL encryption with a high degree of protection.
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES

SSLHonorCipherOrder     on
SSLCompression          off

Go back to the SSL Server Test and Clear Cache. Then re-run the Test

jk - Reinstate Monica · Answer 3 · 2020-04-30T08:29:41+08:00

jk - Reinstate Monica

2020-04-30T08:29:41+08:002020-04-30T08:29:41+08:00

With a current Ubuntu 18.04 LTS, we have Apache 2.4.29 and the problem is not reproducible.

The following configuration in /etc/apache2/sites-enables/default-ssl.conf switches off the unwanted protocol versions:

# Suppress TLSv1.0 and TLS v1.1
SSLProtocol +TLSV1.2 +TLSv1.3

I put it close to the end of the file before </VirtualHost>.

2

Fernando León · Answer 4 · 2021-04-28T20:47:50+08:00

Fernando León

2021-04-28T20:47:50+08:002021-04-28T20:47:50+08:00

Enable and disable TLS options

sudo nano /etc/letsencrypt/options-ssl-apache.conf

SSLProtocol             all +TLSv1.3 -TLSv1 -TLSv1.1 -SSLv2 -SSLv3

And run test again!

0

Seyed M · Answer 5 · 2021-04-28T21:19:14+08:00

Seyed M

2021-04-28T21:19:14+08:002021-04-28T21:19:14+08:00

In your virtual-host config, Edit This line

SSLProtocol all -SSLv3 -SSLv2 -SSLv2 -TLSv1 -TLSv1.1

Note that in configuration file, another file maybe included, so you can edit that.

0

How to disable TLS 1.0, TLS 1.1 on Apache

How to install Google Chrome

Is there a command to list all users? Also to add, delete, modify users, in the terminal?

How to delete a non-empty directory in Terminal?

How to unzip a zip file from the Terminal?

How can I copy the contents of a folder to another folder in a different directory using terminal?

How do I install a .deb file via the command line?

How do I run .sh scripts?

How do I install a .tar.gz (or .tar.bz2) file?

How to list all installed packages

Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?