How to disable TLS 1.0

gas85 · June 4, 2019, 9:13am

Yes, or just easier: SSLProtocol +TLSv1.2 +TLSv1.3.

# This TLSv1.2 only
SSLProtocol TLSv1.2
# To use TLSv1.2 and TLSv1.3 uncomment line below and comment one above. Please read note above.
#SSLProtocol +TLSv1.2 +TLSv1.3

Be aware that TLS 1.0 and 1.1 are deprecated https://www.keycdn.com/blog/deprecating-tls-1-0-and-1-1

I wrote short how-to “Apache 2.4.18 + Letsencrypt + Ubuntu 16.04/18.04 - SSL config for A+ on SSLLabs.com”

gist.github.com

https://gist.github.com/GAS85/42a5469b32659a0aecc60fa2d4990308

apache_ssl.md


### Prerequsits

* Ubuntu 16.04 or higher (18.04 works the same)
* Apache 2.4.18 or higher
* OpenSSL 1.0.2g-1ubuntu4.10 or higher
* e.g. LetsEncrypt certificate

```
OS: Ubuntu 16.04 Apache/2.4.18 1.0.2g-1ubuntu4.10

This file has been truncated. show original

Also here is how to enable HTTP2.0 in the same environment:

gist.github.com

https://gist.github.com/GAS85/990b46a3a9c2a16c0ece4e48ebce7300

http2_apache2_ubuntu16.04.md

from https://techwombat.com/enable-http2-apache-ubuntu-16-04/

# Requirements

* A self-managed VPS or dedicated server with Ubuntu 16.04 running Apache 2.4.xx.
* A registered domain name with working HTTPS (TLS/SSL). HTTP/2 only works alongside HTTPS because most browsers, including Firefox and Chrome, don’t support HTTP/2 in cleartext (non-TLS) mode.

## Step 1: Upgrade Apache from PPA

Let’s assume you installed Apache from the standard stable Ubuntu repository using apt. When you check your version of apache2 by typing:

This file has been truncated. show original