[英]How to enable the old TLS 1.0 and TLS 1.1 on Apache on Ubuntu 20.04
Summary: We need to re-enable old TLS 1.0 / TLS 1.1 on Apache on Ubuntu 20.04 to support old application.摘要:我们需要在 Ubuntu 20.04 上重新启用 Apache 上的旧 TLS 1.0 / TLS 1.1 以支持旧应用程序。
Background: We have recently upgraded from Ubuntu 18.04 to 20.04.背景:我们最近从 Ubuntu 18.04 升级到 20.04。 One of our old Windows application has stopped working.
我们的旧 Windows 应用程序之一已停止工作。 We have diagnosed the problem down to our new server not accepting TLS 1.0 / 1.1 connections.
我们已将问题诊断为我们的新服务器不接受 TLS 1.0 / 1.1 连接。 How can we re-enable these old protocols?
我们如何重新启用这些旧协议? We know these are less secure but that serves our purpose right now.
我们知道这些不太安全,但这符合我们的目的。
We have tried adding SSLProtocol +TLSv1 +TLSv1.1
to the Apache config but it does not work.我们尝试将
SSLProtocol +TLSv1 +TLSv1.1
添加到 Apache 配置,但它不起作用。
Please help.请帮忙。
You should try to specify SSLCipherSuite
with an extra @SECLEVEL=1
pseudo-protocol.您应该尝试使用额外的
@SECLEVEL=1
伪协议指定SSLCipherSuite
。 The default security level in Ubuntu 20.04 will not allow to use TLSv1 even if you explicitly set it in the supported protocols list. Ubuntu 20.04 中的默认安全级别将不允许使用 TLSv1,即使您在支持的协议列表中明确设置它也是如此。
Try:尝试:
SSLEngine on
SSLProtocol all
SSLCipherSuite ALL:@SECLEVEL=1
The thing that eventually works for me is replacing最终对我有用的是替换
SSLCipherSuite HIGH:!aNULL
with和
SSLCipherSuite TLSv1:@SECLEVEL=1
in /etc/apache2/mods-avalable/ssl.conf
在
/etc/apache2/mods-avalable/ssl.conf
The SSLProtocol
lines had no effect for me, although they might work if they are put in the first vhost configuration that Apache encounters. SSLProtocol
行对我没有影响,尽管如果将它们放入 Apache 遇到的第一个虚拟主机配置中,它们可能会起作用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.