Disable TLS 1.0 not working

Discussion in 'Server Operation' started by darkness_08, Oct 7, 2018.

  1. darkness_08

    darkness_08 New Member

    Hey,
    Currently I'm trying to disable TLS1.0 on my Apache 2.4.
    I added the following line in ISPConfig:

    Code:
    SSLProtocol -all +TLSv1.2
    But ssllabs still says:
    How can I set SSLProtocol. I've tried ssl.conf to set it global but it didn't work either.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I doubt that setting SSLProtocol for a single vhost can work. I guess you will have to set it global plus ensure that no other vhost on that server uses a different setting for SSLProtocol.
     
  3. darkness_08

    darkness_08 New Member

    Thx Till,
    I found this:
    https://serverfault.com/questions/6...col-in-apache-for-a-single-virtualhost-poodle
    So, maybe it will work later.
    Btw. Where can I change the ISPConfig Default apache.vhost. Every single vhost contains:
    Code:
    SSLProtocol All -SSLv2 -SSLv3
    Should I change the vhost.conf.master or is there another way?
     
  4. ahrasis

    ahrasis Well-Known Member

    Mostly in /usr/local/ispconfig/server/conf/; so copy the one that you need to /usr/local/ispconfig/server/conf-custom/ and modify there, as the one in /conf/ will be overwritten on ISPConfig update. Use resync to update all vhost automatically thereafter.
     

Share This Page