Google Cloud - TLS version

Question

I install certbot ssl and when I run SSL Labs and I am getting a B on Protocol. It is telling I am using TLSv1 and TLSv1.1.

I have tried to find through the SSH everywhere there is SSLProtocol, I change it to +TLSv1.2. /etc/letsencrypt/options-ssl-apache.conf /etc/apache2/mods-available/ssl.conf /etc/apache2/mods-enabled/ssl.conf

SSLProtocol all -SSLv2 -SSLv3 +TLSv1.2

Can someone help me?

Do I need in php.ini files?

Answer 1

You could compile apache with the latest version of OpenSSL to enable TLSv1.1 and TLSv1.2 or TLSv1.3

For example:

SSLProtocol +TLSv1.1 +TLSv1.2 +TLSv1.3

to add TLSs1.2 only, you just need to add in your https virtual host configuration:

SSLProtocol -all +TLSv1.2

-all is to remove the ssl protocol (SSL 1,2,3 TLS1) and +TLSv1.2 is adding TLS 1.2

for more compatibility you can use something like:

SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 +TLSv1.3

You can see more information in this link .

You also could check the following guide on how to enable or disable SSL and TSL versions .

Keep in mind that you need to restart your Apache2 to be ready for a test.

And you can test your https website security with an online scanner like this one or this other one .

Note: Apache HTTP Serverversion 2.4.43 or newer is required in order to operate a TLS 1.3 web server with OpenSSL 1.1.1.