And as asked there this might help as well:
$ a2enmod info
$ systemctl restart apache2
$ apache2ctl -t -D DUMP_CONFIG|grep -i ssl
$ a2dismod info # if it hasn't been enabled before
That is a slightly better info than my Greps above, but still the same result.
Here of my last config trying to falsify the "default has to have TLSv1 to use it in others"
apache2ctl -t -D DUMP_CONFIG|grep -i ssl
# In file: /etc/apache2/mods-enabled/ssl.conf
Syntax OK
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
SSLSessionCache shmcb:/var/run/apache2/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLCipherSuite HIGH:!aNULL
SSLProtocol all -SSLv3
# In file: /etc/apache2/sites-enabled/custom1-ssl.conf
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLProtocol All -TLSv1 -TLSv1.1
# In file: /etc/apache2/sites-enabled/custom2-ssl.conf
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
# In file: /etc/apache2/sites-enabled/default-ssl.conf
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLProtocol All -TLSv1 -TLSv1.1
And as asked there this might help as well:
$ a2enmod info
$ systemctl restart apache2
$ apache2ctl -t -D DUMP_CONFIG|grep -i ssl
$ a2dismod info # if it hasn't been enabled before
That is a slightly better info than my Greps above, but still the same result.
Here of my last config trying to falsify the "default has to have TLSv1 to use it in others"
apache2ctl -t -D DUMP_CONFIG|grep -i ssl mods-enabled/ ssl.conf share/apache2/ ask-for- passphrase var/run/ apache2/ ssl_scache( 512000) Timeout 300 sites-enabled/ custom1- ssl.conf eFile /etc/ssl/ certs/ssl- cert-snakeoil. pem eKeyFile /etc/ssl/ private/ ssl-cert- snakeoil. key sites-enabled/ custom2- ssl.conf eFile /etc/ssl/ certs/ssl- cert-snakeoil. pem eKeyFile /etc/ssl/ private/ ssl-cert- snakeoil. key sites-enabled/ default- ssl.conf eFile /etc/ssl/ certs/ssl- cert-snakeoil. pem eKeyFile /etc/ssl/ private/ ssl-cert- snakeoil. key
# In file: /etc/apache2/
Syntax OK
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
SSLPassPhraseDialog exec:/usr/
SSLSessionCache shmcb:/
SSLSessionCache
SSLCipherSuite HIGH:!aNULL
SSLProtocol all -SSLv3
# In file: /etc/apache2/
SSLEngine on
SSLCertificat
SSLCertificat
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLProtocol All -TLSv1 -TLSv1.1
# In file: /etc/apache2/
SSLEngine on
SSLCertificat
SSLCertificat
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
# In file: /etc/apache2/
SSLEngine on
SSLCertificat
SSLCertificat
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SSLProtocol All -TLSv1 -TLSv1.1