Comment 47 for bug 1665151

Revision history for this message
In , Mattwalsh447 (mattwalsh447) wrote :

I can confirm I also experienced this issue on the same versions as reported using Ubuntu 18.04 Server (Bionic)

In my instance I was using the a single virtual host with pre-defined certificate and there was no level of SSLProtocol setup vs SSLCipherSuite setting combination (described above) that would disable TLSv1 TLSv1.1, which are my (and probably many other peoples) security requirements.

I tried combinations of general SSL settings and down to virtual host level. No settings appeared to be honored regardless

In terms of 'what to fix'. Well I think there is enough information in the comments here to determine there is an issue between SSLProtocol and SSLCipherSuite, particularly as previous versions have been noted as working successfully.

I would also note that this relationship is NOT documented (that I can find) and if this is determined to be configuration related, then clearer documentation and examples need to be provided.

Clearly people are spending time on this issue, a quick google indicates this is a wide issue.

Unfortunately in my case I don't have any more time to spend working out what should be a 15 minute SSL setup on a web servers. I will be switching to using NGINX and this will be my preferred setup until this issue can be resolved either in fix or documentation.