Sorry, to bother with this common issue which I found lots of resources on the web but non has worked for me.
I have Apache/2.4.51 (Unix) OpenSSL/1.1.1l PHP/7.3.33 mod_perl/2.0.11 Perl/v5.32.1 installed with XAMPP on Ubuntu Server 20.04.
My SSL certificate has been made with letsencrypt Certbot https://certbot.eff.org/
I still get this result from Qualys https://www.ssllabs.com/ssltest/
This server supports TLS 1.0 and TLS 1.1
What I did.
On /etc/letsencrypt/options-ssl-apache.conf
SSLEngine on
#SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol +TLSv1.2 +TLSv1.3
SSLHonorCipherOrder on
# enabling Perfect Forward Secrecy
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLCompression off
SSLOptions +StrictRequire
I tried many other way to write it but none has worked.
On /opt/lampp/etc/extra/httpd-vhosts.conf
<VirtualHost *:443>
#ServerAdmin [email protected]
#DocumentRoot "/opt/lampp/htdocs/"
ServerName myserver.name
SSLEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/myserver.name/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myserver.name/privkey.pem
SSLProtocol -all +TLSv1.3 +TLSv1.2
ErrorLog "logs/myserver.name-error_log"
CustomLog "logs/myserver.name-access_log" common
</VirtualHost>
but it seems has no effect. I read that letsencrypt options-ssl-apache.conf overrides any Apache SSL directives.
I made some improvement in my SSL evaluation adding Perfect Forward Secrecy, but I think it could be more robust. When I'll succeed to disable TLSv1.x I'll try to use this guide.
There is also /opt/lampp/etc/extra/httpd-ssl.conf but it has no SSLProtocol directive written, so I've avoided to edit it.
I have edited instead /opt/lampp/etc/original/extra/httpd-ssl.conf
SSLHonorCipherOrder on
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
#SSLProtocol all -SSLv3
SSLProtocol +TLSv1.2 +TLSv1.3 -TLSv1 -TLSv1.1 -SSLv3 -SSLv2
#SSLProxyProtocol all -SSLv3
SSLProxyProtocol +TLSv1.2 +TLSv1.3
SSLEngine on
Again, it seems to have no effect whatsoever.
Obviously I have stop and restarted the server.
sudo /opt/lampp/lampp stop
sudo /opt/lampp/lampp start
Thanks for your help.
Solved.
to /opt/lampp/etc/extra/httpd-ssl.conf