I have a similar issue. Whatever I set in SSLProtocol, it's ignored.
apache2ctl -v
Server version: Apache/2.4.10 (Debian)
Server built: Feb 24 2017 18:40:28
openssl version
OpenSSL 1.0.1t 3 May 2016
If I use the settings provided by David Favor:
SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLCipherSuite ALL:!ADH:!aNULL:!EXP:!EXPORT40:!EXPORT56:!3DES:!eNULL:!NULL:!RC4:!DES:!MD5:!LOW:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA
I got only TLSv1.2 enabled, not TLSv1.1.
I could find a way to activate TLSv1.1, with or without TLSv1. All the time, only TLSv1.2 (I tried a lot of different cipher suites).
Note that if I try with the openssl s_server command, all is working as expected.