
I cannot enable TLS 1.0 and 1.1 on my server. Configuration:

```
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          @SECLEVEL=1:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES25-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
```

OpenSSL version:

OpenSSL 1.0.2k-fips  26 Jan 2017

Apache version:

Server version: Apache/2.4.57

What am I doing wrong?

moh3en
  • I'm not sure I agree with the close (to me this is borderline) but anyway: the ciphersuites in your directive are all AEAD (either AES-GCM or CHACHA/POLY) and **AEAD suites don't exist in TLS 1.0 or 1.1**. AEAD suites only exist in 1.2 and 1.3 -- and the 1.3 suites are different from the 1.2 suites, so this list wouldn't work in 1.3 even if you used an OpenSSL version that supports 1.3. – dave_thompson_085 Sep 02 '23 at 07:20
  • @dave_thompson_085 What is your suggestion for four protocols to be supported? – moh3en Sep 02 '23 at 07:27

0 Answers
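
The point made in dave_thompson_085's comment can be checked mechanically: parse the `SSLCipherSuite` string and list which entries are not AEAD, since only those could be negotiated under TLS 1.0 or 1.1. This is an added example, not part of the original thread; the function names, the marker list and the appended `ECDHE-RSA-AES128-SHA` comparison entry are assumptions made for illustration.

```python
import re

# Substrings that mark an AEAD construction in OpenSSL suite names.
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20-POLY1305")

# Cipher string exactly as posted in the question above.
PAGE_CIPHERS = (
    "@SECLEVEL=1:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES25-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
)
# Constructed comparison input: one CBC/SHA-1 suite appended.
CONSTRUCTED_CIPHERS = PAGE_CIPHERS + ":ECDHE-RSA-AES128-SHA"


def parse_cipher_string(cipher_string):
    """Split an OpenSSL-style cipher string into (directives, suites)."""
    # ':' ',' and space separate entries; '!'/'-' exclusions are skipped.
    directives, suites = [], []
    for item in re.split(r"[:, ]+", cipher_string.strip()):
        if not item or item[0] in "!-":
            continue
        if item.startswith("@"):
            directives.append(item)
        else:
            suites.append(item.lstrip("+"))
    return directives, suites


def is_aead(suite):
    """True when the suite name carries an AEAD marker (TLS 1.2 or later)."""
    return any(marker in suite for marker in AEAD_MARKERS)


def legacy_candidates(cipher_string):
    """Non-AEAD suites: the only ones TLS 1.0/1.1 could negotiate."""
    # Confirm each returned name against the local OpenSSL build.
    _, suites = parse_cipher_string(cipher_string)
    return [s for s in suites if not is_aead(s)]


if __name__ == "__main__":
    for label, value in (("page", PAGE_CIPHERS), ("constructed", CONSTRUCTED_CIPHERS)):
        found = legacy_candidates(value)
        print(f"{label}: {len(found)} TLS 1.0/1.1 candidate(s): {found}")
```

An empty result for the posted string means the server has no suite to offer a TLS 1.0 or 1.1 client, whatever `SSLProtocol` allows.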