Why isn't SSL TLSv1.0 turning off with vhost flags?

December 15, 2018 566 views
Apache Let's Encrypt WordPress Ubuntu 16.04

I added the below to the vhost for each domain but when I update the cert then run it on ssllabs it says TLS v 1.0 is still on.

SSLProtocol -all +TLSv1.1 +TLSv1.2
Protocols h2 http/1.1

1 Answer

Hey friend,

Good question. I assume you're restarting the web server after changes, but I'll bring it up on the small chance that you're not. Otherwise, perhaps there's some dependencies between ciphers and protocols that cause your command to be ignored if not reconciled? I'm just guessing, but these have always worked great for me:

https://cipherli.st/

I make no promise as to the value of my answer, I'm by no means an SSL expert ;)

Jarland

Have another answer? Share your knowledge.