disable tls1.0 1.1 apache

Question

On my server with ubuntu 18.04.4 and apache 2.4.41 Im trying to disable tls1.0 and 1.1 by editing:

/etc/apache2/mods-available/ssl.conf

with:

SSLProtocol +TLSv1.2 +TLSv1.3

And afterwards running

sudo service apache2 restart

However when I check my domain at https://www.ssllabs.com it still says

This server supports TLS 1.0 and TLS 1.1. Grade capped to B.

Im trying to config my first https website by using certbot.

How can I disable tls1.0 and 1.1 on an ubuntu server running apache.

score 1 · Answer 1 · answered Mar 12 '20 at 14:41

1

You need to add to the line this: -TLSv1 -TLSv1.1

SSLProtocol -TLSv1 -TLSv1.1 +TLSv1.2 +TLSv1.3

otherwise you only add TLS 1.2 and 1.3

answered Mar 12 '20 at 14:41

Romeo Ninov

1 Answers1