Hello,
I have a virtualhost where I need to allow only TLSv1.2.
Tried following config:
<VirtualHost *:443>
  ServerName xxxxxx
  ServerAlias xxxxxx
..
.. cut rest to shorten a bit
..
  SSLEngine On
  SSLProtocol -all +TLSv1.2
  SSLCertificateFile /etc/letsencrypt/live/xxxxx/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/xxxxxx/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/xxxxxx/chain.pem
</VirtualHost>
But when I do a test with "nmap --script ssl-enum-ciphers -p 443
URLofSite | grep TLSv" I always see that TLSv1.1 is still activated.
Also tested with other tools like ssllabs.com....
As found on serverfault.com I tried the following directive too but
without success:
    SSLOpenSSLConfCmd Protocol "-ALL, TLSv1.2"
Seems that the generic config file in /etc/httpd/conf.d/ssl.conf always
overrides my settings in the virtualhost?
Thanks for any help,
Thomas
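
An added example, not part of the original post: a small auditor that lists every SSLProtocol directive across a set of config files, with its enclosing context and the protocols it enables, so a directive in /etc/httpd/conf.d/ssl.conf that differs from the virtual host's becomes visible. The file contents and the site.conf name are constructed, and `all` is modelled as the fixed list in KNOWN (an assumption; the real expansion depends on the httpd and OpenSSL build).

```python
import re

# Names SSLProtocol accepts; "all" is modelled as this whole list (assumption).
KNOWN = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def effective_protocols(args):
    """Evaluate left to right: +X adds, -X removes, a bare name replaces the set."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = set(KNOWN) if name.lower() == "all" else {n for n in KNOWN if n.lower() == name.lower()}
        if not names:
            raise ValueError(f"unknown protocol token {tok!r}")
        if sign == "+":
            enabled |= names
        elif sign == "-":
            enabled -= names
        else:
            enabled = set(names)
    return enabled

def audit(files, allowed=frozenset({"TLSv1.2"})):
    """Return (file, context, enabled, not_allowed) per SSLProtocol directive."""
    findings = []
    for path, text in files.items():
        context = "server config"
        for line in map(str.strip, text.splitlines()):
            vhost = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
            proto = re.match(r"SSLProtocol\s+(.+)", line, re.I)
            if vhost:
                context = "VirtualHost " + vhost.group(1).strip()
            elif re.match(r"</VirtualHost>", line, re.I):
                context = "server config"
            elif proto:
                enabled = effective_protocols(proto.group(1))
                findings.append((path, context, sorted(enabled), sorted(enabled - allowed)))
    return findings

# Constructed sample contents; site.conf is a hypothetical file name.
SAMPLE = {
    "/etc/httpd/conf.d/ssl.conf":
        "<VirtualHost _default_:443>\nSSLEngine on\nSSLProtocol all -SSLv3\n</VirtualHost>\n",
    "/etc/httpd/conf.d/site.conf":
        "<VirtualHost *:443>\nSSLEngine On\nSSLProtocol -all +TLSv1.2\n</VirtualHost>\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any finding whose last element is non-empty names a context that enables something other than TLSv1.2 and is worth comparing against the nmap result.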