Author Topic: Trying to turn off support for TLSv1 and v1.1  (Read 2662 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Trying to turn off support for TLSv1 and v1.1
« on: May 24, 2021, 09:30:52 PM »
Probably like many others I am trying to prevent TLSv1 and TLSv1.1 from being used, mainly to meet PCI requirements. After doing a little research it seems I needed to insert the following line into the /usr/local/apache/conf.d/ssl.conf file

SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1

I restarted apache using the CWP dashboard but still get notifications that my site does support TLS1 and 1.1. Can anyone give me a pointer on next steps? If I make a typo on that line apache will not start so I know it is at least reading that file.

Should I be doing this somewhere else or in CWP??

Thanks,
wex


Offline
*
Re: Trying to turn off support for TLSv1 and v1.1
« Reply #2 on: May 25, 2021, 12:21:30 PM »
Sandeep, many thanks for the reply. The server is already up and running so I am a little wary about re-installing everything from scratch. I was hoping there was an edit I could make to an existing conf file to prevent TLSv1 and v1.1 but assuming that to NOT be the case will look at this link this weekend during some downtime for the site.

Many thanks again.

Offline
***
Re: Trying to turn off support for TLSv1 and v1.1
« Reply #3 on: June 08, 2021, 03:03:46 PM »
/usr/local/apache/conf.d/ssl.conf

SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
Listen to everything Pixelpadre says.