How can I disable TLS 1.0 and 1.1 in apache?
To disable TLS 1.0 and 1.1 in Apache, you need to modify the SSL/TLS configuration settings. This typically involves editing the Apache configuration file, such as
httpd.conf. Make sure you have root or superuser privileges to modify these files. Here's the general process:
Open the Apache SSL configuration file:
Using a text editor or a command-line editor like
vim, open the SSL/TLS configuration file. The location and name of this file may vary based on your system and Apache configuration. Common locations include
Locate the SSL/TLS configuration section:
Look for the SSL/TLS configuration section, which includes directives related to the SSL protocol and ciphers.
Disable TLS 1.0 and 1.1:
Within the SSL/TLS configuration section, you'll typically find a line similar to this:
SSLProtocol all -SSLv3
Modify this line to explicitly exclude TLS 1.0 and 1.1, like this:
SSLProtocol -SSLv3 -TLSv1 -TLSv1.1
This configuration disables TLS 1.0 and 1.1 while allowing TLS 1.2 and higher.
Save the changes and restart Apache:
After making the necessary changes, save the configuration file and restart Apache to apply the new settings:
sudo systemctl restart apache2 # For Ubuntu/Debian
sudo systemctl restart httpd # For CentOS/RHEL
Verify the changes:
Use an online SSL testing tool or a command-line utility like
opensslto verify that TLS 1.0 and 1.1 are disabled:
openssl s_client -connect yourdomain.com:443 -tls1
yourdomain.com with the domain hosted on the Apache server. This command attempts to connect using TLS 1.0. You should receive an error or a handshake failure if TLS 1.0 and 1.1 are disabled correctly.
Remember, before making changes to your SSL/TLS configuration, it's crucial to ensure that your users and clients support the newer TLS versions to avoid service disruptions. Additionally, always make a backup of the configuration file before making changes.
Where to keep SSL certificates and private keys on Ubuntu and Debian?
To list all available CA SSL certificates run the following lines of code:Questions
SSL Certificate Problem: Unable to get Local Issuer Certificate
If you get SSL certificate problem: unable to get local issuer certificate error, it's an indication that your root and intermediate certificates on the system are not working correctly or not set up correctly.Questions
Solved: Invalid command ‘SSLEngine
This frequently happens on fresh Apache servers. When Apache starts it reads through the configuration files. When it encounters `SSLEngine` directive, it considers it as unknown. This is caused by the fact that the server’s basic configuration does not have `mod_ssl` module installed or enabled.Questions
How to force or redirect to SSL in nginx?
To force or redirect all incoming traffic to SSL (HTTPS) in Nginx, you can use a server block that handles HTTP requests on port 80 and redirect them to HTTPS. Here's an example configuration: Open...Questions
Make your mark
Join the writer's program
Are you a developer and love writing and sharing your knowledge with the world? Join our guest writing program and get paid for writing amazing technical guides. We'll get them to the right readers that will appreciate them.Write for us
Build on top of Better Stack
Write a script, app or project on top of Better Stack and share it with the world. Make a public repository and share it with us at our email@example.com
or submit a pull request and help us build better products for everyone.
See the full list of amazing projects on github