Skip to main content

unable to disable TLS v1, v1.1

Comments

6 comments

  • kodeslogic
    Are you facing this issue for any particular domain or for all domains hosted on your server? May I know if any CDN service such as Cloudflare you are using for websites?
    0
  • vacancy
    In version 90, tls 1.0 and tls 1.1 should already be disabled. If it is still active even though you disable it via Apache configuration, make sure your site is not using cloudflare or a different cdn service. If your site uses cloudflare, cloudflare TLS rules will apply, as your traffic returns through cloudflare servers. If you are using Cloudflare, edit the following setting from the cloudflare panel. SSL/TLS > Edge Certificates > Minimum TLS Version > TLS 1.2
    0
  • lcdservices
    It's impacting all sites on the server. No -- we're not using Cloudflare. Yes -- I know they should be disabled, which is why this is so puzzling.
    0
  • cPRex Jurassic Moderator
    Hey there! I just checked a site on my personal box that has been updated from version 38 to 92 and confirmed the behavior, but they also aren't specifically disabled. If you change this: "sslprotocol" : "all -SSLv2 -SSLv3", to this "sslprotocol" : "all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1" your grade will get bumped to an A on SSL Labs and you'll see it is completely off. Can you try that?
    0
  • lcdservices
    that's what it was originally set to. I've since changed it to: TLSv1.2 however -- SSLLabs still indicates v1 a v1.1 are enabled. it makes no sense.
    0
  • cPRex Jurassic Moderator
    Interesting - when I tested on my end I used the "clear cache" button at SSL Labs to scan again, and it instantly picked up the changes on my machine.
    0

Please sign in to leave a comment.