0

I am having a little issue with my server. I want to disable TLSv1 and TLSv1.1, but... my settings don't take hold. I specified the protocols in mod_ssl and tried to set them in the OpenSSL config file, but to no avail.

Here are some configuration excerpts, in the hope that someone can point me to a solution. It's driving me nuts...

apache2/mods-available/ssl.conf:

```
SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
```

If more information is required, do not hesitate to ask.

Best regards!

UnholyPestile

2 Answers

1

Try: `SSLProtocol -all +TLSv1.2`

Mik
  • Thanks for the try, but I already tried that before (should've clarified beforehand). I still tried it again, but every check still prompts tls1.0 and tls1.1 as an option. :/ – UnholyPestile Jul 13 '18 at 09:29
  • @UnholyPestile: To clarify: The important part is the `-` in `-all`. You have just written `all` in your post. – Sven Jul 13 '18 at 09:58
  • Hello @Sven, yes I am aware of that, but I tried it with -all beforehand! :) (before asking for help here) Posted above was the current iteration of the config. – UnholyPestile Jul 13 '18 at 10:58

1

Found the issue.

After a bit of digging around I found that certbot installed "ssl options" which were included. These had overwritten my config to disallow TLSv1.

Fixed it now.

UnholyPestile
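To find this kind of conflict, list every `SSLProtocol` directive that Apache reads, in include order, with the protocols each one leaves enabled. The script below is an added example, not code from the thread; the sample tree, its file names and the contents of `ALL` are constructed assumptions, and relative includes are resolved against the server root.

```python
import glob, os, re, tempfile

ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}  # assumption: what "all" means on this build

def effective(args):
    """Apply SSLProtocol tokens left to right: bare name replaces, + adds, - removes."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = ALL if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)
    return enabled

def find_directives(path, root):
    """Yield (file, line, enabled protocols) for each SSLProtocol, following includes in order."""
    with open(path) as fh:
        for no, line in enumerate(fh, 1):
            m = re.match(r"\s*(Include(?:Optional)?|SSLProtocol)\s+(.+?)\s*$", line, re.I)
            if not m:
                continue
            if m.group(1).lower() == "sslprotocol":
                yield os.path.relpath(path, root), no, sorted(effective(m.group(2)))
            else:  # relative include patterns are resolved against the server root
                for inc in sorted(glob.glob(os.path.join(root, m.group(2).strip('"')))):
                    yield from find_directives(inc, root)

def build_sample(root):
    """Constructed config tree: the admin's ssl.conf plus an included options file."""
    files = {
        "apache2.conf": "IncludeOptional mods-enabled/*.conf\nIncludeOptional sites-enabled/*.conf\n",
        "mods-enabled/ssl.conf": "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2\n",
        "sites-enabled/site-ssl.conf": "<VirtualHost *:443>\n  Include extra/options-ssl.conf\n</VirtualHost>\n",
        "extra/options-ssl.conf": "SSLProtocol all -SSLv3\n",
    }
    for rel, text in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(text)
    return os.path.join(root, "apache2.conf")

def audit_sample():
    with tempfile.TemporaryDirectory() as root:
        return list(find_directives(build_sample(root), root))

if __name__ == "__main__":
    for f, no, protos in audit_sample():
        print(f"{f}:{no}: {' '.join(protos)}")
```

On a real host, call `find_directives` with the main configuration file and the server root instead of the sample tree; any directive whose result still lists TLSv1 or TLSv1.1 is a candidate for the conflict.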