Unable to Enable only TLS1.0, 1.1 and 1.2 on apache

cseufert

Member
Aug 11, 2017
6
0
1
Melbourne, Australia
cPanel Access Level
Root Administrator
Hi,

I am running v68.0.29 and recently updated our server settings to only accept TLSv1.2, however we still need to support TLSv1.0 for some older clients.

I have tried changing the SSLProtocols to many things via the whm apache configuration.

-all +TLSv1.0 +TLSv1.1 +TLSv1.2
TLSv1.0 +TLSv1.2
all -SSLv2 -SSLv3 +TLSv1.0 +TLSv1.2

and whenever I run an SSLlabs test, or try connecting with openssl client only the TLSv1.2 connection can be used.

Open SSL command im using:
openssl s_client -connect example.net:433 -tls1

What am I missing?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,224
463
I have tried changing the SSLProtocols to many things via the whm apache configuration.

-all +TLSv1.0 +TLSv1.1 +TLSv1.2
TLSv1.0 +TLSv1.2
all -SSLv2 -SSLv3 +TLSv1.0 +TLSv1.2
Hello,

Try using this string:

Code:
All -SSLv2 -SSLv3
Also, note that SSLLabs can sometimes cache data, so ensure the information you see from them is updated and not cached.

Thank you.