Comment 14 for bug 1665151

Revision history for this message
In , Martin PANEL (mortin) wrote :

I have similar issue. Whatever I set in SSLProtocol it's ignored.

apache2ctl -v
Server version: Apache/2.4.10 (Debian)
Server built: Feb 24 2017 18:40:28

openssl version
OpenSSL 1.0.1t 3 May 2016

If I use the settings provided by David Favor :

SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLCipherSuite ALL:!ADH:!aNULL:!EXP:!EXPORT40:!EXPORT56:!3DES:!eNULL:!NULL:!RC4:!DES:!MD5:!LOW:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA

I got only TLSv1.2 enabled, not TLSv1.1.

I could find a way to activate TLSv1.1, with or without TLSv1. All the time, only TLSv1.2 (I tried a lot of different ciphers suite).

Note that if I try with the openssl s_server command, all is working as expected.