Bug#951067: apache2: unable to disable TLSv1
I think "all" cannot be used like that.
From the docs:
"all" is an alias for "+SSLv3 +TLSv1 +...", so while the raw config file
syntax is fine, internally "-all" is probably seen as invalid and
replaced by the default "SSLProtocol all -SSLv2 -SSLv3" you see as last
line in the config dump, but not as part of any config file.
Using "-all" generally doesn't make much sense. If you want to override
(=remove) all previously added protocols, skip the "+" for the first
SSLProtocol TLSv1.2 +TLSv1.3
The +/- behaviour is explained at the SSLOptions section of the docs: