Bug#943415: apache2: Disable TLS 1.0 and 1.1 by default
Control: tags 943415 patch
Kurt, et al,
On Thu, 17 Jul 2025 15:01:12 +0200, Kurt Roeckx wrote:
> On Thu, Jul 17, 2025 at 01:23:30AM +0200, Vincent Lefevre wrote:
> > Control: found -1 2.4.63-1
> > Control: found -1 2.4.64-1
> > Control: tags -1 security
> >
> > On 2023-11-15 13:32:32 +0100, David Prévot wrote:
> > > Le Thu, Oct 24, 2019 at 05:50:50PM +0200, Kurt Roeckx a écrit :
> > > > I was expecting TLS 1.0 and 1.1 to be disabled
> > >
> > > Same here. Four years later, RFC 8996 (Deprecating TLS 1.0 and TLS 1.1)
> > > has been published and most clients have been updated, so could we
> > > please review the default SSLProtocol before Trixie gets released?
> >
> > I'm also wondering why they are still enabled by default...
>
> Do you still see it enabled? As far as I know, OpenSSL now not
> only requires you to enable the protocol, but also lower the security
> level to 0 to be able to do TLS 1.0 and 1.1.
Sort of. The following configuration directives:

    LogLevel ssl:trace3
    SSLProtocol all

log the following to /var/log/apache2/error.log:

    ssl_engine_init.c(653): Creating new SSL context
    (protocols: TLSv1, TLSv1.1, TLSv1.2, TLSv1.3)

However, as you said, OpenSSL no longer supports TLS 1.0 and TLS 1.1:
tls: ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above
https://github.com/openssl/openssl/pull/18236
Debian's default security level is 2:
Increase default security level from 1 to 2.
https://salsa.debian.org/debian/openssl/-/commit/182b9256
Thus TLS 1.0 and TLS 1.1 are unusable.
The attached ssl.conf patch might help.
Thank you!
Daniel Lewart
Urbana, Illinois
diff -ru a/config-dir/mods-available/ssl.conf b/config-dir/mods-available/ssl.conf
--- a/config-dir/mods-available/ssl.conf 2025-07-10 11:20:47.000000000 -0500
+++ b/config-dir/mods-available/ssl.conf 2025-07-29 00:00:00.000000000 -0500
@@ -54,7 +54,8 @@
# ciphers(1) man page from the openssl package for list of all available
# options.
# Enable only secure ciphers:
-SSLCipherSuite HIGH:!aNULL
+# Mozilla intermediate configuration
+SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
# SSL server cipher order preference:
# Use server priorities for cipher algorithm choice.
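Review bot: the new SSLCipherSuite list only governs TLS 1.2 and earlier; when TLS 1.3 is enabled, its suites are configured separately (`SSLCipherSuite TLSv1.3 ...` in mod_ssl 2.4.36 and later) and otherwise follow the OpenSSL default, so the retained "# Enable only secure ciphers:" comment and the new "# Mozilla intermediate configuration" label should state which protocol version the explicit list applies to. The hard-coded list is also a snapshot: unlike the removed `HIGH:!aNULL`, which follows OpenSSL's own classification as suites are reclassified, it needs manual refreshes, so put the generator URL and the date it was generated (https://ssl-config.mozilla.org/) next to the comment so the next maintainer can regenerate it rather than edit it by hand.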
@@ -66,9 +67,16 @@
#SSLHonorCipherOrder on
# The protocols to enable.
-# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
-# SSL v2 is no longer supported
-SSLProtocol all -SSLv3
+# Available values: all, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
+# TLS 1.0 and TLS 1.1 only work at security level 0,
+# but Debian compiles with OPENSSL_TLS_SECURITY_LEVEL=2
+# Mozilla intermediate configuration
+SSLProtocol -all +TLSv1.2 +TLSv1.3
+# Mozilla modern configuration
+#SSLProtocol -all +TLSv1.3
+
+# Mozilla configuration
+SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1
# Allow insecure renegotiation with clients which do not yet support the
# secure renegotiation protocol. Default: Off
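Review bot: the `SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1` line at the end of the hunk does more than its "# Mozilla configuration" comment says: in OpenSSL, Curves is an alias for Groups and also fixes the TLS 1.3 supported_groups list, so it pins key-exchange groups for both enabled protocol versions and overrides whatever default group list the linked OpenSSL would otherwise offer. Either say so in the comment (and name the Mozilla profile it belongs to, to match the "intermediate"/"modern" labels above it), or leave the group list at the OpenSSL default, since the bug only needs the SSLProtocol change to drop TLS 1.0 and 1.1. Also, the new "# Available values: all, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3" line still lists TLSv1 and TLSv1.1, which the two lines after it explain cannot work at Debian's security level 2; dropping them from that list, or moving the security-level note above it, would keep a reader from trying them.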