0

On my server with ubuntu 18.04.4 and apache 2.4.41 Im trying to disable tls1.0 and 1.1 by editing:

/etc/apache2/mods-available/ssl.conf

with:

SSLProtocol +TLSv1.2 +TLSv1.3

And afterwards running 

sudo service apache2 restart

However when I check my domain at https://www.ssllabs.com it still says

This server supports TLS 1.0 and TLS 1.1. Grade capped to B.

I was following this https://gist.github.com/GAS85/42a5469b32659a0aecc60fa2d4990308 manual.

Im trying to config my first https website by using certbot.

How can I disable tls1.0 and 1.1 on an ubuntu server running apache.

Sven van den Boogaart
  • 111
  • 1
  • 5
  • @GeraldSchneider Ah the comment by Memes fixed it :) "if you are using Letsencrypt, do not forget to check /etc/letsencrypt/options-ssl-apache.conf " It seems like the other file mentiond in the manual is ignored. – Sven van den Boogaart Mar 12 '20 at 14:49

1 Answers1

1

You need to add to the line this: -TLSv1 -TLSv1.1

SSLProtocol -TLSv1 -TLSv1.1 +TLSv1.2 +TLSv1.3

otherwise you only add TLS 1.2 and 1.3

Romeo Ninov
  • 5,263
  • 4
  • 20
  • 26