Reputation: 61
Enable TLS 1.2 Apache
I want to enable TLS 1.2 in Ubuntu server 18.
I have edited the /etc/apache2/mods-available/ssl.conf, adding
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLHonorCipherOrder on
but still Apache is using tls 1.0. Is it possible to activate tls 1.2?
The Apache version is Apache/2.4.29 (Ubuntu)
Upvotes: 6
Views: 73591
Answers (1)
Reputation: 3346
To enable TLS 1.2 in Apache, you will need to change/add the SSLProtocol directive.
Note: To do any of this, mod_ssl should be enabled, if not, use the command sudo a2enmod ssl.
The below configuration line will disable all TLS versions except TLSv1.2.
SSLProtocol -all +TLSv1.2 #This makes Apache to support only TLSv1.2
You can also support TLSv1.3 if you have OpenSSL 1.1.1 or newer. You can check the OpenSSL version by running the command: openssl version in the terminal, etc. You will also need Apache version 2.4.36 or more to use the TLSv1.3 provided by OpenSSL. You can also support TLSv1.3 together with TLSv1.2 using SSLProtocol -all +TLSv1.2 +TLSv1.3.
Upvotes: 12
Related Questions
- How to enable the old TLS 1.0 and TLS 1.1 on Apache on Ubuntu 20.04
- Disabling TLS 1.0 & 1.1 in Apache 2.4.37 not working
- Disabling TLS 1.0 in Apache 2.4
- Enable TLSv1.2 in apache 2.2.22
- Enabling TLS1.3 in Apache
- Configure Apache TLSv 1.2
- Disable TLS1.0 and TLS 1.1
- Apache - Cannot enable TLS 1.0 or TLS 1.1
- How do I specify "TLSv1.2 protocol or later" for Apache httpd
- Why is TLS1.2 not working in Apache 2.4 with SSLProtocol all -SSLv3 -SSLv2?