I noticed you are running an older version of Apache via RHEL, and guessed that you are likely in a corporate environment. You might also have a MITM attack going on. Lots of corporations mess with traffic via MITM proxies that intercept traffic, redirects, etc. If you don't find the solution quickly, I suggest checking the TLS endpoint to make sure you are actually talking to your server directly (check that the certs match, etc., not just the name on them). Rick Houser Web Administration > -----Original Message----- > From: Eric Covener [mailto:covener@xxxxxxxxx] > Sent: Wednesday, July 13, 2016 16:49 > To: users@xxxxxxxxxxxxxxxx > Subject: Re: SSLProtocol and TLSv1 > > On Wed, Jul 13, 2016 at 4:46 PM, Phil Smith <philboonz@xxxxxxxxx> wrote: > > Either setting seems to work in disabling TLSv1 if the apache server is > > requested via private IP address. > > > > However, neither seem to work in disabling TLSv1 if the apache server is > > requested via public IP address. > > > Maybe you have SSL enabled in two scopes (global, virtualhost) but > only SSLProtocol in one of them? > > > -- > Eric Covener > covener@xxxxxxxxx > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|