[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#951067: apache2: unable to disable TLSv1

I think "all" cannot be used like that.

From the docs: https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslprotocol

"all" is an alias for "+SSLv3 +TLSv1 +...", so while the raw config file syntax is fine, internally "-all" is probably seen as invalid and replaced by the default "SSLProtocol all -SSLv2 -SSLv3" you see as last line in the config dump, but not as part of any config file.

Using "-all" generally doesn't make much sense. If you want to override (=remove) all previously added protocols, skip the "+" for the first named one.

SSLProtocol TLSv1.2 +TLSv1.3

The +/- behaviour is explained at the SSLOptions section of the docs: https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#ssloptions

Best regards,


Reply to: