6

I want to enable TLS 1.2 in Ubuntu server 18.

I have edited the /etc/apache2/mods-available/ssl.conf, adding

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLHonorCipherOrder on

but Apache is still using TLS 1.0. Is it possible to activate TLS 1.2?

The Apache version is Apache/2.4.29 (Ubuntu)

2
  • 2
    Aren't you missing +TLSv1.2? Commented Jan 16, 2020 at 14:14
  • @Álvaro González yes. Commented Jan 16, 2020 at 16:28

1 Answer

12

To enable TLS 1.2 in Apache, you will need to change/add the SSLProtocol directive.

Note: To do any of this, mod_ssl should be enabled; if not, use the command sudo a2enmod ssl.

The below configuration line will disable all TLS versions except TLSv1.2.

# This makes Apache support only TLSv1.2
SSLProtocol -all +TLSv1.2


You can also support TLSv1.3 if you have OpenSSL 1.1.1 or newer. You can check the OpenSSL version by running the command: openssl version in the terminal, etc. You will also need Apache version 2.4.36 or more to use the TLSv1.3 provided by OpenSSL. You can also support TLSv1.3 together with TLSv1.2 using SSLProtocol -all +TLSv1.2 +TLSv1.3.
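To see what a given SSLProtocol line leaves enabled, and to find every place the directive is set (it is valid in both server config and virtual host context), the following added example uses a simplified model of how mod_ssl evaluates the arguments from left to right. It is not code from the original post; the function names, the default set of supported protocols and the sample configuration are assumptions made for illustration.

```python
import re

# Assumption: protocols the local mod_ssl/OpenSSL build supports. This default
# models a build without SSLv3 and without TLS 1.3; pass another set otherwise.
DEFAULT_SUPPORTED = ("TLSv1", "TLSv1.1", "TLSv1.2")
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}


def enabled_protocols(args, supported=DEFAULT_SUPPORTED):
    """Evaluate SSLProtocol arguments left to right; return (enabled, error)."""
    names = {p.lower(): p for p in supported}
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[len(action):].lower()
        if name == "all":
            group = set(supported)
        elif name in names:
            group = {names[name]}
        elif name in ("sslv2", "sslv3") and action == "-":
            continue  # removing a protocol the build lacks is a no-op
        else:
            # Also catches a trailing "# comment" on the directive line.
            return set(), f"illegal or unsupported protocol {token!r}"
        if action == "-":
            enabled -= group
        elif action == "+":
            enabled |= group
        else:
            enabled = group  # a bare token replaces everything set so far
    return enabled, None


def audit(config_text, supported=DEFAULT_SUPPORTED):
    """Return one (line_no, enabled, legacy, error) tuple per SSLProtocol line."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        match = re.match(r"\s*SSLProtocol\s+(.*)", line, re.IGNORECASE)
        if match:
            enabled, error = enabled_protocols(match.group(1), supported)
            findings.append((line_no, sorted(enabled), sorted(enabled & LEGACY), error))
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = """\
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
<VirtualHost *:443>
    SSLProtocol all -SSLv3
</VirtualHost>
"""
```

Calling audit(SAMPLE) reports that the server-level line leaves only TLSv1.2 enabled, while the virtual-host line still enables TLSv1 and TLSv1.1.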


23 Comments

I ran the command apachectl -M -> ssl_module (shared), http_module (static); these are the modules I believe are linked with the command you said to run. Also, when I ran the command openssl version: OpenSSL 1.1.1. But when I changed ssl.conf and added TLS 1.3, Apache didn't start.
Run journalctl -xe
See the output of that command. And see why Apache didn't start.
Change SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 to SSLProtocol -all +TLSv1.2
@Sajeev, I am pretty sure you are using Apache Tomcat. I cannot help you with that since I do not have any experience with it. I am sorry