Monday, 3 July 2017

Disable TLSv1.0 and enable the TLSv1.2 protocol in Apache

Disable the use of TLSv1.0 protocol in favor of a cryptographically stronger protocol such as TLSv1.2.

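The following openssl command can be used to do a manual test (replace ip:port with the server's address and port; -tls1 restricts the client to TLSv1.0):
openssl s_client -connect ip:port -tls1

If the test is successful (the handshake completes), then the target supports TLSv1.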

[root@test ~]# grep SSLProtocol /etc/httpd/conf.modules.d/ssl.conf
#  SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  SSLProtocol TLSv1.2
[root@test ~]#
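
The grep above only shows the raw directive. As an added example (not from the original post), this script evaluates the SSLProtocol arguments and reports which protocols each uncommented line leaves enabled. The function names are hypothetical. It assumes that "all" expands to the set in ALL, that a bare protocol name replaces the set, that names are written in the exact case shown, and that anything older than TLSv1.2 counts as weak.

```shell
#!/bin/sh
# Added example. Assumption: "all" expands to the set below; the real set
# depends on the OpenSSL build httpd is linked against.
ALL="SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"

# enabled_protocols TOKEN... : evaluate SSLProtocol arguments left to right.
# "+X" adds, "-X" removes, a bare name replaces the whole set.
enabled_protocols() {
    cur=""
    for tok in "$@"; do
        case $tok in
            +*) op=add; name=${tok#+} ;;
            -*) op=del; name=${tok#-} ;;
            *)  op=set; name=$tok ;;
        esac
        if [ "$name" = all ]; then name=$ALL; fi
        case $op in
            set) cur=$name ;;
            add) cur="$cur $name" ;;
            del) for n in $name; do
                     cur=$(printf '%s\n' $cur | grep -vxF -- "$n" | tr '\n' ' ')
                 done ;;
        esac
    done
    printf '%s\n' $cur | LC_ALL=C sort -u | tr '\n' ' ' | sed 's/ $//'
}

# audit_conf FILE : report every uncommented SSLProtocol line; return 1 if
# any of them still enables a protocol older than TLSv1.2.
audit_conf() {
    rc=0
    while read -r key args; do
        [ "$key" = SSLProtocol ] || continue
        enabled=$(enabled_protocols $args)
        case " $enabled " in
            *" SSLv3 "*|*" TLSv1 "*|*" TLSv1.1 "*)
                echo "WEAK: SSLProtocol $args -> $enabled"; rc=1 ;;
            *)  echo "OK:   SSLProtocol $args -> $enabled" ;;
        esac
    done < "$1"
    return $rc
}

# Constructed sample: the two lines from the grep output above.
sample=$(mktemp)
printf '%s\n' '#  SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1' \
              '  SSLProtocol TLSv1.2' > "$sample"
audit_conf "$sample"
rm -f "$sample"
```

To check a live configuration, call audit_conf with the path of the file that holds the directive, for example /etc/httpd/conf.modules.d/ssl.conf as on this host.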
