Comment 6 for bug 1665151
Revision history for this message
|
|
#6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0f7b58d
(Get the code!)
Changes in SSLProtocol seem to be ignored.
This can be observed in all SSL testers I've used.
The testssl script provides an easy way to check this, without having to wait for minutes (like SSLLabs) for output.
Problem can be shown via...
testssl --protocols https:/
Environment - Apache-4.2.5 + OpenSSL 1.0.2k + Ubuntu Yakkety.
My goal == disable TLS 1.0 for some of my hosting clients who have PCI requirements for this level of TLS to be disabled.
None of these permutations work. In fact, I can't find any SSLProtocol setting which changes protocols at all. In all cases SSL2 + SSL3 are disabled + all TLS versions are enabled.
Settings tried, that fail to disable TLSv1...
# SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# SSLProtocol -All TLSv1.2
# SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# SSLProtocol all -SSLv2 -SSLv3 -TLSv1
# SSLProtocol -all +TLSv1.2
# SSLProtocol TLSv1.2 -TLSv1
# SSLProtocol TLSv1.2
# SLProtocol -All +TLSv1.1 +TLSv1.2
SSLProtocol all -SSLv2 -SSLv3 -TLSv1