# How can I disable TLS 1.0 and 1.1 in apache?

To disable TLS 1.0 and 1.1 in Apache, you need to modify the SSL/TLS configuration settings. This typically involves editing the Apache configuration file, such as `ssl.conf` or `httpd.conf`. Make sure you have root or superuser privileges to modify these files. Here's the general process:

1. **Open the Apache SSL configuration file:**
    
    Using a text editor or a command-line editor like `nano` or `vim`, open the SSL/TLS configuration file. The location and name of this file may vary based on your system and Apache configuration. Common locations include `/etc/httpd/conf.d/ssl.conf`, `/etc/apache2/sites-available/default-ssl.conf`, etc.
    
2. **Locate the SSL/TLS configuration section:**
    
    Look for the SSL/TLS configuration section, which includes directives related to the SSL protocol and ciphers.
    
3. **Disable TLS 1.0 and 1.1:**
    
    Within the SSL/TLS configuration section, you'll typically find a line similar to this:
    
    ```
    SSLProtocol all -SSLv3
    ```
    
    Modify this line to explicitly exclude TLS 1.0 and 1.1, like this:
    
    ```
    SSLProtocol -SSLv3 -TLSv1 -TLSv1.1
    ```
    
    This configuration disables TLS 1.0 and 1.1 while allowing TLS 1.2 and higher.
    
4. **Save the changes and restart Apache:**
    
    After making the necessary changes, save the configuration file and restart Apache to apply the new settings:
    
    ```bash
    sudo systemctl restart apache2   # For Ubuntu/Debian
    ```
    
    or
    
    ```bash
    sudo systemctl restart httpd     # For CentOS/RHEL
    ```
    
5. **Verify the changes:**
    
    Use an online SSL testing tool or a command-line utility like `openssl` to verify that TLS 1.0 and 1.1 are disabled:
    
    ```bash
    openssl s_client -connect yourdomain.com:443 -tls1
    ```
    

Replace `yourdomain.com` with the domain hosted on the Apache server. This command attempts to connect using TLS 1.0. You should receive an error or a handshake failure if TLS 1.0 and 1.1 are disabled correctly.

Remember, before making changes to your SSL/TLS configuration, it's crucial to ensure that your users and clients support the newer TLS versions to avoid service disruptions. Additionally, always make a backup of the configuration file before making changes.