Question

Why isn't SSL TLSv1.0 turning off with vhost flags?

I added the below to the vhost for each domain but when I update the cert then run it on ssllabs it says TLS v 1.0 is still on.

SSLProtocol -all +TLSv1.1 +TLSv1.2 Protocols h2 http/1.1

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hey friend,

Good question. I assume you’re restarting the web server after changes, but I’ll bring it up on the small chance that you’re not. Otherwise, perhaps there’s some dependencies between ciphers and protocols that cause your command to be ignored if not reconciled? I’m just guessing, but these have always worked great for me:

https://cipherli.st/

I make no promise as to the value of my answer, I’m by no means an SSL expert ;)

Jarland