enterprise-support team mailing list archive

Thread
Date

[Bug 1665151] [NEW] Apache ignores disable TLSv1.0

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: David Favor <david@xxxxxxxxxxxxxx>
Date: Wed, 15 Feb 2017 22:13:55 -0000
Reply-to: Bug 1665151 <1665151@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

None of these settings correctly disable TLSv1.0 as stated in Apache docs.
_______

# SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# SSLProtocol -All TLSv1.2
# SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

# SSLProtocol all -SSLv2 -SSLv3 -TLSv1
# SSLProtocol -all +TLSv1.2
# SSLProtocol TLSv1.2 -TLSv1
# SSLProtocol TLSv1.2
# SSLProtocol -All +TLSv1.1 +TLSv1.2

Likely the best setting is this, which will eventually pickup TLSv1.3+
when these protocols become available.

This also fails...

SSLProtocol all -SSLv2 -SSLv3 -TLSv1

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1665151

Title:
  Apache ignores disable TLSv1.0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1665151/+subscriptions

Follow ups

[Bug 1665151] Re: Apache ignores disable TLSv1.0
From: Bug Watch Updater, 2022-12-04
[Bug 1665151] Re: Apache ignores disable TLSv1.0
From: Tim, 2019-12-13
[Bug 1665151] Re: Apache ignores disable TLSv1.0
From: ChristianEhrhardt, 2017-02-17