VirtualHost and SSLProtocol settings ignored.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: VirtualHost and SSLProtocol settings ignored.
From: Thomas Plant <thomas@plant.systems>
Date: Wed, 14 Oct 2020 10:56:10 +0200
Reply-to: users@xxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.3.2

Hello,

I have a virtualhost where i need to allow only TLSv1.2.

Tried following config:

<VirtualHost *:443>
ServerName xxxxxx
ServerAlias xxxxxx
..
.. cut rest to shorten a bit
..
SSLEngine On
SSLProtocol -all +TLSv1.2
SSLCertificateFile /etc/letsencrypt/live/xxxxx/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xxxxxx/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/xxxxxx/chain.pem
</VirtualHost>

But when I do a test with "nmap --script ssl-enum-ciphers -p 443 URLofSite | grep TLSv" I always see that TLSv1.1 is still activated. Also tested with other tools like ssllabs.com....
As found on serverfault.com I tried the following directive too but without success:

SSLOpenSSLConfCmd Protocol "-ALL, TLSv1.2"

Seems that the generic config file in /etc/httpd/conf.d/ssl.conf always overrides my settings in the virtualhost?

Thanks for any help,
Thomas

Follow-Ups:
- Re: VirtualHost and SSLProtocol settings ignored.
  - From: Stefan Eissing
- Re: VirtualHost and SSLProtocol settings ignored.
  - From: Thomas Plant

Prev by Date: How to restrict page access to certain IPs using Apache httpd 2.4
Next by Date: Re: VirtualHost and SSLProtocol settings ignored.
Previous by thread: How to restrict page access to certain IPs using Apache httpd 2.4
Next by thread: Re: VirtualHost and SSLProtocol settings ignored.
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]