Reputation: 71
How to enable the old TLS 1.0 and TLS 1.1 on Apache on Ubuntu 20.04
Summary: We need to re-enable old TLS 1.0 / TLS 1.1 on Apache on Ubuntu 20.04 to support old application.
Background: We have recently upgraded from Ubuntu 18.04 to 20.04. One of our old Windows application has stopped working. We have diagnosed the problem down to our new server not accepting TLS 1.0 / 1.1 connections. How can we re-enable these old protocols? We know these are less secure but that serves our purpose right now.
We have tried adding SSLProtocol +TLSv1 +TLSv1.1 to the Apache config but it does not work.
Please help.
Upvotes: 6
Views: 6826
Answers (2)
Reputation: 2970
The thing that eventually works for me is replacing
SSLCipherSuite HIGH:!aNULL
with
SSLCipherSuite TLSv1:@SECLEVEL=1
in /etc/apache2/mods-avalable/ssl.conf
The SSLProtocol lines had no effect for me, although they might work if they are put in the first vhost configuration that Apache encounters.
Upvotes: 0
Reputation: 1051
You should try to specify SSLCipherSuite with an extra @SECLEVEL=1 pseudo-protocol. The default security level in Ubuntu 20.04 will not allow to use TLSv1 even if you explicitly set it in the supported protocols list.
Try:
SSLEngine on
SSLProtocol all
SSLCipherSuite ALL:@SECLEVEL=1
Upvotes: 2
Related Questions
- Enable TLS 1.2 Apache
- Disabling TLS 1.0 & 1.1 in Apache 2.4.37 not working
- Is it possible to run TLSv1.2 on old Apache and Debian version
- Disabling TLS 1.0 in Apache 2.4
- Enable TLSv1.2 in apache 2.2.22
- Enabling TLS1.3 in Apache
- Configure Apache TLSv 1.2
- Disable TLS1.0 and TLS 1.1
- Apache - Cannot enable TLS 1.0 or TLS 1.1
- How do I specify "TLSv1.2 protocol or later" for Apache httpd