Disable TLS 1 and TLS 1.1 on Ubuntu Server with XAMPP

Sorry to bother with this common issue, for which I found lots of resources on the web, but none has worked for me.

I have Apache/2.4.51 (Unix) OpenSSL/1.1.1l PHP/7.3.33 mod_perl/2.0.11 Perl/v5.32.1 installed with XAMPP on Ubuntu Server 20.04.

My SSL certificate has been made with letsencrypt Certbot https://certbot.eff.org/

I still get this result from Qualys https://www.ssllabs.com/ssltest/

This server supports TLS 1.0 and TLS 1.1

What I did.

On /etc/letsencrypt/options-ssl-apache.conf

SSLEngine on

#SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol             +TLSv1.2 +TLSv1.3

SSLHonorCipherOrder     on

# enabling Perfect Forward Secrecy
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES

SSLCompression          off
SSLOptions +StrictRequire

I tried many other ways to write it but none has worked.

On /opt/lampp/etc/extra/httpd-vhosts.conf

<VirtualHost *:443>
    #ServerAdmin [email protected]
    #DocumentRoot "/opt/lampp/htdocs/"
    ServerName myserver.name
    SSLEngine On
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/myserver.name/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/myserver.name/privkey.pem
    SSLProtocol -all +TLSv1.3 +TLSv1.2
    ErrorLog "logs/myserver.name-error_log"
    CustomLog "logs/myserver.name-access_log" common
</VirtualHost>

but it seems to have no effect. I read that letsencrypt options-ssl-apache.conf overrides any Apache SSL directives.

I made some improvement in my SSL evaluation by adding Perfect Forward Secrecy, but I think it could be more robust. When I succeed in disabling TLSv1.x I'll try to use this guide.

There is also /opt/lampp/etc/extra/httpd-ssl.conf but it has no SSLProtocol directive written, so I've avoided editing it.

I have edited instead /opt/lampp/etc/original/extra/httpd-ssl.conf

SSLHonorCipherOrder on

SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES

#SSLProtocol all -SSLv3
SSLProtocol +TLSv1.2 +TLSv1.3 -TLSv1 -TLSv1.1 -SSLv3 -SSLv2

#SSLProxyProtocol all -SSLv3
SSLProxyProtocol +TLSv1.2 +TLSv1.3

SSLEngine on

Again, it seems to have no effect whatsoever.

Obviously I have stopped and restarted the server.

sudo /opt/lampp/lampp stop

sudo /opt/lampp/lampp start

Thanks for your help.

There are 1 best solutions below

Solved.

#
Listen 443

#added this line
SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1

to /opt/lampp/etc/extra/httpd-ssl.conf
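
To see which of the files named in this thread Apache actually reads, and in which scope each SSLProtocol line sits, the following added example (not part of the original question or answer) follows Include directives from a main config file. The file contents, the Include lines and the ServerRoot /opt/lampp are constructed assumptions, not the poster's real configuration.

```python
import fnmatch

# Constructed sample tree, not the poster's real files; Include lines are assumed.
SAMPLE = {
    "/opt/lampp/etc/httpd.conf":
        "Include etc/extra/httpd-ssl.conf\nInclude etc/extra/httpd-vhosts.conf\n",
    "/opt/lampp/etc/extra/httpd-ssl.conf":
        "Listen 443\n<VirtualHost _default_:443>\nSSLEngine on\n</VirtualHost>\n",
    "/opt/lampp/etc/extra/httpd-vhosts.conf":
        "<VirtualHost *:443>\nInclude /etc/letsencrypt/options-ssl-apache.conf\n"
        "SSLProtocol -all +TLSv1.3 +TLSv1.2\n</VirtualHost>\n",
    "/etc/letsencrypt/options-ssl-apache.conf": "SSLProtocol +TLSv1.2 +TLSv1.3\n",
    "/opt/lampp/etc/original/extra/httpd-ssl.conf":
        "SSLProtocol +TLSv1.2 +TLSv1.3 -TLSv1 -TLSv1.1 -SSLv3 -SSLv2\n",
}

def scan(files, root_conf, server_root):
    """Follow Include lines from root_conf; return (SSLProtocol hits, unloaded files)."""
    hits, loaded = [], set()
    def walk(path, scope, stack):
        if path in stack:                       # guard against Include cycles
            return
        loaded.add(path)
        for lineno, raw in enumerate(files[path].splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            name, arg = (line.split(None, 1) + [""])[:2]
            name = name.lower()                 # directive names are case-insensitive
            if name == "<virtualhost":
                scope = "vhost " + arg.rstrip(">").strip()
            elif name.startswith("</virtualhost"):
                scope = "global"
            elif name in ("include", "includeoptional"):
                target = arg.strip('"')
                if not target.startswith("/"):  # relative paths resolve against ServerRoot
                    target = server_root.rstrip("/") + "/" + target
                for match in sorted(fnmatch.filter(files, target)):
                    walk(match, scope, stack + [path])
            elif name == "sslprotocol":
                hits.append((path, lineno, scope, arg))
    walk(root_conf, "global", [])
    return hits, sorted(set(files) - loaded)

if __name__ == "__main__":
    hits, unloaded = scan(SAMPLE, "/opt/lampp/etc/httpd.conf", "/opt/lampp")
    for path, lineno, scope, value in hits:
        print(f"{path}:{lineno} [{scope}] SSLProtocol {value}")
    print("never included:", unloaded)
```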