You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2018/08/23 07:36:35 UTC

[Bug 60739] SSLProtocol settings seem to have no effect

https://bz.apache.org/bugzilla/show_bug.cgi?id=60739

A.Sklepas <a....@digi-web.gr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |a.sklepas@digi-web.gr

--- Comment #17 from A.Sklepas <a....@digi-web.gr> ---
Hi, i can confirm the issue.
I have searched all configs and VHosts no overides are made it should work but 
nmap --script ssl-enum-ciphers -p 443 IP | grep TLSv
returns TLS1.0,  TLSv1.1

I also investigated the claims about letsencrypt:
Read this topic:
https://community.letsencrypt.org/t/how-to-disable-tlsv1/49117/4
On some systems the options-ssl-apache.conf seems to be included in the virtual
hosts.
"Include /etc/letsencrypt/options-ssl-apache.conf"

Anyway not in my case plus i have disabled the options in that file to be
certain.
PS. Why are we waiting to fix this one? I do see servers that have disabled
TLS1 btw...


My info: Apache/2.4.33

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org