Re: VirtualHost and SSLProtocol settings ignored.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Am 14.10.2020 um 10:56 schrieb Thomas Plant:
Hello,

I have a virtualhost where i need to allow only TLSv1.2.

Tried following config:

<VirtualHost *:443>
  ServerName xxxxxx
  ServerAlias xxxxxx
..
..  cut rest to shorten a bit
..
  SSLEngine On
  SSLProtocol -all +TLSv1.2
  SSLCertificateFile /etc/letsencrypt/live/xxxxx/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/xxxxxx/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/xxxxxx/chain.pem
</VirtualHost>

But when I do a test with "nmap --script ssl-enum-ciphers -p 443 URLofSite | grep TLSv" I always see that TLSv1.1 is still activated. Also tested with other tools like ssllabs.com....
As found on serverfault.com I tried the following directive too but without success:   

    SSLOpenSSLConfCmd Protocol "-ALL, TLSv1.2"

Seems that the generic config file in /etc/httpd/conf.d/ssl.conf always overrides my settings in the virtualhost?

Thanks for any help,
Thomas
Sorry, forgot to post essential Information: httpd is version 2.4.46 from ius repo. OS is CentOS 7.
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux