I install certbot ssl and when I run SSL Labs and I am getting a B on Protocol. It is telling I am using TLSv1 and TLSv1.1.
I have tried to find through the SSH everywhere there is SSLProtocol, I change it to +TLSv1.2. /etc/letsencrypt/options-ssl-apache.conf
/etc/apache2/mods-available/ssl.conf
/etc/apache2/mods-enabled/ssl.conf
SSLProtocol all -SSLv2 -SSLv3 +TLSv1.2
Can someone help me?
Do I need in php.ini files?
You could compile apache with the latest version of OpenSSL to enable TLSv1.1 and TLSv1.2 or TLSv1.3
For example:
SSLProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3
to add TLSs1.2 only, you just need to add in your https virtual host configuration:
SSLProtocol -all +TLSv1.2
-all
is to remove the ssl protocol (SSL 1,2,3 TLS1) and +TLSv1.2
is adding TLS 1.2
for more compatibility you can use something like:
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 +TLSv1.3
You can see more information in this link .
You also could check the following guide on how to enable or disable SSL and TSL versions .
Keep in mind that you need to restart your Apache2 to be ready for a test.
And you can test your https website security with an online scanner like this one or this other one .
Note: Apache HTTP Serverversion 2.4.43 or newer is required in order to operate a TLS 1.3 web server with OpenSSL 1.1.1.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.