To disable TLS 1.0 and TLS 1.1 on an Apache web server running on Linux, you need to modify the server's SSL/TLS configuration. Here are the steps to do this:
- Open SSL/TLS Configuration File:
The location of the SSL/TLS configuration file depends on your operating system and Apache version. Common paths include:
Ubuntu/Debian: /etc/apache2/mods-available/ssl.conf
CentOS/RHEL: /etc/httpd/conf.d/ssl.conf
Use a text editor with administrative privileges to open the configuration file.
- Locate SSLProtocol Directive:
Look for the SSLProtocol directive in the configuration file. This directive specifies the allowed SSL/TLS protocol versions.
- Modify SSLProtocol Directive:
Update the SSLProtocol directive to disable TLS 1.0 and TLS 1.1. Add or modify the line to look like this:
SSLProtocol TLSv1.2
This configuration tells Apache to allow only TLS 1.2 and disable all other protocols, including TLS 1.3.
- Save the Configuration File:
Save your changes to the configuration file.
- Restart Apache:
After making the changes, restart the Apache web server to apply the new configuration:
sudo systemctl restart apache2 # For Ubuntu/Debian
sudo systemctl restart httpd # For CentOS/RHEL
- Verify the Changes:
You can use various online SSL testing tools, like Qualys SSL Labs, to test your website's SSL configuration and ensure that TLS 1.0 and TLS 1.1 are disabled.
Please note that disabling older TLS versions might affect compatibility with older clients. Before implementing these changes in a production environment, make sure to test your website thoroughly to ensure that it remains accessible to your intended audience.
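The check below is an added example, not part of the original page: a shell function that reads the configuration files passed to it, works out which TLS versions each SSLProtocol line leaves enabled, and returns non-zero if TLS 1.0 or TLS 1.1 survives. The function name audit_sslprotocol, the sample lines and the simplified evaluation rules described in the comments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit SSLProtocol directives.
# Simplified model, an assumption of this example: "all" means every TLS
# version in the known list, "+X" adds, "-X" removes, and a bare token
# replaces whatever was set before it. SSLv3 and other tokens are ignored.
audit_sslprotocol() {
    awk '
    BEGIN { n = split("TLSv1 TLSv1.1 TLSv1.2 TLSv1.3", known, " ") }
    tolower($1) == "sslprotocol" {
        split("", on)                          # start from an empty set
        for (i = 2; i <= NF; i++) {
            tok = tolower($i); sign = ""
            if (tok ~ /^[+-]/) { sign = substr(tok, 1, 1); tok = substr(tok, 2) }
            if (sign == "") split("", on)      # bare token replaces the set
            for (k = 1; k <= n; k++)
                if (tok == "all" || tok == tolower(known[k]))
                    on[known[k]] = (sign != "-")
        }
        list = ""
        for (k = 1; k <= n; k++)
            if (on[known[k]]) list = list (list == "" ? "" : " ") known[k]
        weak = (on["TLSv1"] || on["TLSv1.1"])
        printf "%s:%d: %s (enabled: %s)\n", FILENAME, FNR, (weak ? "WEAK" : "OK"), list
        if (weak) bad = 1
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample configuration, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SSLProtocol all
SSLProtocol all -SSLv3
SSLProtocol TLSv1.2
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLProtocol TLSv1.2 TLSv1.1
EOF
audit_sslprotocol "$sample" || echo "TLS 1.0 or 1.1 is still enabled somewhere"
rm -f "$sample"
```

Run it against the file edited in the steps above, and any other file that sets SSLProtocol, before restarting Apache.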