TLS 1.0 and 1.1 are outdated security protocols for websites. In this article, we will look at how to disable TLS 1.0/1.1 in Apache web server. It is advisable to stop supporting TLS 1.0 & 1.1, SSL 2.0 & 3.0 since they are obsolete and vulnerable to security attacks.
How to Disable TLS 1.0 /1.1 in Apache Server
Here are the steps to disable TLS 1.0/1.1 in Apache server.
1. Open Apache configuration
Open terminal and run the following command to open Apache configuration file.
$ sudo vi /etc/apache2/httpd.conf
Also read : How to Redirect POST Request Data in .htaccess
2. Disable TLS 1.0/1.1
Look for the following line in bold
# SSL Protocol support: # List the enable protocol levels with which clients will be able to # connect. Disable SSLv2 access by default: SSLProtocol all -SSLv2 -SSLv3
Change it to
# SSL Protocol support: # List the enable protocol levels with which clients will be able to # connect. Disable SSLv2 access by default: SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
Also read : How to Exclude URL from Auth in Apache
3. Update SSLCipherSuite (Optional)
We will also update SSL Cipher Suite to be more secure. This step is optional and can be skipped if you want.
Look for the following lines.
# SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
Replace the last line above as shown below and also add SSLHonorCipherOrder on after that.
# SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite HIGH:!aNULL:!MD5:!3DES SSLHonorCipherOrder on
Save and exit the file.
Also read : How to Check Concurrent Connections in Apache
4. Restart Apache Server
Restart Apache Server to apply changes
$ sudo service apache2 restart OR $ sudo service httpd restart
Use a third-party tool like TLS Checker to check the TLS version of your website.
That’s it. In this article, we have learnt how to disable TLS 1.0 and 1.1 in Apache web server.
Also read : How to Generate Subdomains on the Fly in PHP