
25-06-18, How to disable outdated versions of SSL/TLS in Apache

From 30 June 2018, for PCI compliance, site owners should stop supporting TLS 1.0. The TLS 1.0/1.1 and SSL 2.0/3.0 protocols are obsolete and do not adequately protect data in transit. In particular, TLS 1.0 is vulnerable to certain attacks. These protocol versions must be removed in environments that require a high level of security.

Almost all modern browsers support TLS 1.2. Below, we look at how to disable TLS 1.0/1.1 and SSL 2.0/3.0 in Apache.

1. Use vi (or vim) to edit ssl.conf (usually located in /etc/httpd/conf.d). 

2. Look for the SSL Protocol Support section: 

#   SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect.  Disable SSLv2 access by default:
SSLProtocol all -SSLv2 -SSLv3

3. Comment out the line SSLProtocol all -SSLv2 -SSLv3 by adding a hash symbol (#) in front of it.

4. Add a line under it:

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

5. TLS 1.0/1.1 and SSL 2.0/3.0 are now disabled. Next, find the SSL Cipher Suite section:

#   SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

6. Comment out the line SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA and add the following under it:

SSLCipherSuite HIGH:!aNULL:!MD5:!3DES

This setting restricts the server to cipher suites that provide a high degree of protection.

Then, under the line SSLCipherSuite HIGH:!aNULL:!MD5:!3DES, add:

SSLHonorCipherOrder on

This parameter ensures that the server's cipher preferences are used instead of the client's.

Save the file and restart Apache:

service httpd restart

Next, test all applications that interact with your server. If you experience any problems, you can remove the comments (hash symbol) and return to the previous version of the file.
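A check for the edits in steps 1-6, as an added example that is not part of the original article: the function audit_ssl_conf (a hypothetical name) reads an ssl.conf, skips commented-out lines, and reports any active SSLProtocol, SSLCipherSuite or SSLHonorCipherOrder setting that still differs from the values above. The sample inputs are constructed from the lines quoted in the article; the treatment of "all" and of bare protocol tokens is an assumption noted in the comments.

```shell
# audit_ssl_conf [FILE]: report weak active mod_ssl directives (added example).
# Exit status 0 = no findings, 1 = findings printed.
# Assumptions: each active line is judged on its own (VirtualHost scoping and
# Include files are not resolved); "all" is expanded to SSLv3 through TLSv1.3.
audit_ssl_conf() {
    awk '
    /^[ \t]*#/ { next }                  # commented-out directives are inactive
    { d = tolower($1) }                  # directive names are case-insensitive
    d == "sslprotocol" {
        seen = 1; split("", on)          # start with an empty enabled set
        for (i = 2; i <= NF; i++) {
            t = tolower($i); sign = substr(t, 1, 1)
            if (sign == "+" || sign == "-") { t = substr(t, 2) } else { sign = ""; split("", on) }
            n = 1; a[1] = t              # a bare token (no sign) replaces the set
            if (t == "all") { n = split("sslv3 tlsv1 tlsv1.1 tlsv1.2 tlsv1.3", a, " ") }
            for (j = 1; j <= n; j++) {
                if (sign == "-") { delete on[a[j]] } else { on[a[j]] = 1 }
            }
        }
        bad = ""; n = split("sslv2 sslv3 tlsv1 tlsv1.1", old, " ")
        for (j = 1; j <= n; j++) { if (old[j] in on) { bad = bad " " old[j] } }
        if (bad != "") { print "line " NR ": legacy protocols enabled:" bad; fail = 1 }
    }
    d == "sslciphersuite" {
        n = split($NF, c, ":"); weak = ""; no3des = 1
        for (j = 1; j <= n; j++) {
            if (c[j] == "MEDIUM" || c[j] == "LOW") { weak = weak " " c[j] }
            if (c[j] == "!3DES") { no3des = 0 }
        }
        if (weak != "") { print "line " NR ": weaker cipher classes allowed:" weak; fail = 1 }
        if (no3des) { print "line " NR ": 3DES not excluded (!3DES missing)"; fail = 1 }
    }
    d == "sslhonorcipherorder" { honor = tolower($2) }
    END {
        if (!seen) { print "no active SSLProtocol line"; fail = 1 }
        if (honor != "on") { print "SSLHonorCipherOrder is not on"; fail = 1 }
        exit fail + 0
    }' "$@"
}

# Constructed samples: the stock lines quoted in the article, then the edited file.
sample_before() { printf '%s\n' 'SSLProtocol all -SSLv2 -SSLv3' \
    'SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA'; }
sample_after() { printf '%s\n' '#SSLProtocol all -SSLv2 -SSLv3' \
    'SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1' \
    'SSLCipherSuite HIGH:!aNULL:!MD5:!3DES' 'SSLHonorCipherOrder on'; }
sample_before | audit_ssl_conf || echo "before: findings above"
sample_after | audit_ssl_conf && echo "after: clean"
```

Run it against the edited file before restarting Apache, for example audit_ssl_conf /etc/httpd/conf.d/ssl.conf. It checks only the values of these three directives; apachectl configtest checks the file's syntax.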

Follow the best SSL practices with LeaderTelecom! 


