Why isn't SSL TLSv1.0 turning off with vhost flags?

Posted December 15, 2018 1.7k views
ApacheWordPressLet's EncryptUbuntu 16.04

I added the below to the vhost for each domain but when I update the cert then run it on ssllabs it says TLS v 1.0 is still on.

SSLProtocol -all +TLSv1.1 +TLSv1.2
Protocols h2 http/1.1

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hey friend,

Good question. I assume you’re restarting the web server after changes, but I’ll bring it up on the small chance that you’re not. Otherwise, perhaps there’s some dependencies between ciphers and protocols that cause your command to be ignored if not reconciled? I’m just guessing, but these have always worked great for me:

I make no promise as to the value of my answer, I’m by no means an SSL expert ;)