On 16/10/2019 12:44, Martin Drescher wrote: > So I would suggest, putting the 1.3 only server as the first in your config. > I would also suggest, to set 'SSLProtocol -all +TLSv1.2 +TLSv1.3' in the SSL module's config and after that, deny it in 'second.server.on.my.domain' with 'SSLProtocol -TLSv1.2'. Have a look at 'SSLCipherSuite' and 'SSLHonorCipherOrder', may be you need to change the order here. As a quick test I would say that it didn't work, Apache claimed that "AH02231: No SSL protocols available [hint: SSLProtocol]" -> So, for 'second.server.on.my.domain' I had to set the protocol as SSLProtocol -all TLSv1.3 in order to make it work again... But I have to make more tests, maybe I was too fast and I forgot something... Thank you very much, Marian --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|