klaus

Reputation: 11

Disabling TLS 1.0 & 1.1 in Apache 2.4.37 not working

Apache 2.4.37 is installed on CentOS 7; there is no Let's Encrypt application installed, and there is no VirtualHost in the httpd.conf file.

Below are part of the settings in the ssl.conf file.

<VirtualHost _default_:443>
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLProxyCipherSuite PROFILE=SYSTEM
</VirtualHost>

I also tried the entry below, but it is not working either:

SSLProtocol TLSv1.2

nmap shows only TLS 1.2 enabled, but SSL Labs and https://www.cdn77.com/tls-test both show TLS 1.0 and 1.1 enabled.

# nmap -sV --script ssl-enum-ciphers -p 443 localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2021-02-10 18:53 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000035s latency).
Other addresses for localhost (not scanned): ::1

PORT    STATE SERVICE VERSION
443/tcp open  ssl/ssl Apache httpd (SSL-only mode)
|_http-server-header: Apache/2.4.37 (centos) OpenSSL/1.1.1g
| ssl-enum-ciphers: 
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
.
.
.

Can anyone help me find the root cause, please? Thanks!

Upvotes: 0

Views: 941

Answers (1)

klaus

Reputation: 11

It turned out the issue was with the AWS Load Balancer. The configuration at the Linux level was correct.

Upvotes: 1
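The mismatch in this thread (nmap against localhost sees only TLS 1.2, public scanners see TLS 1.0 and 1.1) is the classic sign that TLS is terminated in front of the web server. The script below is an added example, not code from the question or answer: it probes each TLS version once against the origin (run on the Apache host, against localhost, the way the nmap scan above was) and once against the public hostname, then reports for each legacy version whether it is still offered by the origin, only by an upstream layer (load balancer or CDN), or by neither. The hostnames are placeholders supplied on the command line; the `--public` value is also passed as SNI to the origin so both probes hit the same virtual host.

```python
"""Probe which TLS versions a server accepts, at the origin and at the public edge.

Added example (not from the question or answer above). Assumes it is run on the
Apache host itself (origin = localhost:443) and that the public hostname is
reachable from the same machine; both hostnames are command-line placeholders.
"""
import argparse
import socket
import ssl
from typing import Dict, Optional

# Protocol versions to probe, oldest first.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

# Versions that should be off everywhere.
LEGACY = ("TLSv1.0", "TLSv1.1")


def probe_version(host: str, port: int, version: ssl.TLSVersion,
                  server_name: Optional[str] = None, timeout: float = 5.0) -> bool:
    """Try one handshake pinned to exactly `version`; True if the peer completed it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # We only want to know whether the version is negotiable, not whether the
    # certificate is valid, so certificate checks are off for the probe only.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        # This OpenSSL build cannot even speak the version; report it as not negotiated.
        return False
    # Modern OpenSSL refuses TLS 1.0/1.1 on the client side at its default
    # security level; lowering it keeps the probe from reporting a false "disabled".
    try:
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=server_name or host):
                return True
    except (ssl.SSLError, OSError):
        return False


def probe_all(host: str, port: int = 443, server_name: Optional[str] = None) -> Dict[str, bool]:
    """Map each TLS version name to whether `host` accepted a handshake with it."""
    return {name: probe_version(host, port, ver, server_name) for name, ver in VERSIONS.items()}


def locate_legacy_tls(origin: Dict[str, bool], edge: Dict[str, bool],
                      legacy=LEGACY) -> Dict[str, str]:
    """Decide, per legacy version, which layer is still offering it.

    "origin"   - the web server itself accepts it: fix SSLProtocol in Apache.
    "upstream" - origin rejects it but the public endpoint accepts it: TLS is
                 terminated in front of the server (load balancer / CDN) and
                 the listener policy there must be changed.
    "disabled" - neither layer accepts it.
    """
    result = {}
    for name in legacy:
        if origin.get(name, False):
            result[name] = "origin"
        elif edge.get(name, False):
            result[name] = "upstream"
        else:
            result[name] = "disabled"
    return result


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="Find where legacy TLS is still enabled")
    ap.add_argument("--origin", default="localhost", help="address of the web server itself")
    ap.add_argument("--public", required=True, help="public hostname clients connect to")
    ap.add_argument("--port", type=int, default=443)
    args = ap.parse_args()
    # server_name supplies SNI so the origin picks the same vhost the public name would.
    origin_results = probe_all(args.origin, args.port, server_name=args.public)
    edge_results = probe_all(args.public, args.port)
    for name in VERSIONS:
        print(f"{name:8s} origin={str(origin_results[name]):5s} public={edge_results[name]}")
    for name, layer in locate_legacy_tls(origin_results, edge_results).items():
        print(f"{name}: {layer}")
```

Run it on the Apache host as `python3 tlsprobe.py --public www.example.com` (placeholder name). If TLS 1.0 and 1.1 come back as "upstream", the Apache `SSLProtocol` line is already doing its job and the listener policy on the load balancer is what still needs changing; if they come back as "origin", check which `ssl.conf` or vhost block actually wins for that SNI name.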
