i am trying an simple thing but can get it done.
I would like to disable TLSv1 support on my snap based install on a Ubuntu server.
Can’t find an ssl.conf that is writeble to make change.
Would like to add an line
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
Should be so simple, wasted a few hours to get it done.
HELP!
usually, the ubuntu/debian structure is the same:
usually, the ssl.conf is located /etc/apache2/sites-enabled
My installation get 2 files:
000-default.conf and 000-default-le-ssl.conf
vim or nano 000-default-le-ssl.conf
I am using letsencrypt certificate. Here an working exemple:
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# HTTP2 protocol enabled
Protocols h2 http/1.1
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# letsencrypt chain
SSLCertificateFile /etc/letsencrypt/live/REDACTED/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/REDACTED/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# OFC
ServerName YOURSERVERNAMEHERE
# Guarantee HTTPS for 6 Month including Sub Domains
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</VirtualHost>
# SSL CONF Paranoiac
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on
# new ssl no compression method
# no compression due to testing 1.1.1pre8
# SSLCompression on
SSLSessionTickets off
SSLOptions +StrictRequire
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>
# EOF