Comment 27 for bug 1665151

Revision history for this message
In , Aaronjchamberlain (aaronjchamberlain) wrote :

While not relating to the discussion of certain SSLProtocol and SSLCipherSuite combinations halting desired SSLProtocols, I did want to add that I had an issue where Let's Encrypt was holding my desired changes back.

I was attempting to use the directive:
`SSLProtocols -all +TLSv1.1 +TLSv1.2` but TLSv1 was still being used. Due to this bug report I noticed that one of my upper Virtual Hosts was indeed using a cert from LE, and in that file they had a default of
SSLProtocol all -SSLv2 -SSLv3

If I could make a suggestion, it would be that we work towards getting more explicit control over what SSLProtocol directives get inherited. It seems strange that a file in a single Virtual Host reference would take precedence over global directives in both my ssl.conf and httpd.conf files.