disable tls 1.0 apache

How to Disable TLS 1.0 in Apache

With the arrival of TLS 1.3, the most secure protocol till now, it has become important to disable TLS 1.0 and other less secure protocols on your website. In other words, your website must not accept requests made over TLS 1.0 to avoid attackers and bots to exploit weaknesses in TLS 1.0. In this article, we will look at how to disable TLS 1.0 in Apache server.


How to Disable TLS 1.0 in Apache

Here are the steps to disable TLS 1.0 in Apache.


1. Open Apache Configuration File

Open terminal and run the following command to open Apache configuration file.

$ sudo vi /etc/apache2/httpd.conf

Depending on your system and installation type, the path to your Apache configuration file may be any of the following.

  • /etc/apache2/httpd.conf
  • /etc/apache2/apache2.conf
  • /etc/httpd/httpd.conf
  • /etc/httpd/conf/httpd.conf


2. Disable TLS 1.0

Add/Modify the following line containing SSLProtocol Directive to the following

SSLProtocol +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 

Save and close the file. This will disable TLS 1.0 and other less secure protocols like SSL v3 across all domains and websites hosted on this server.

If you want to disable TLS 1.0 or SSL v3 in a specific website and not all domains, then open virtual host configuration file for that domain in /etc/apache2/sites-available and make the changes mentioned in this step.


3. Restart Apache Server

Restart Apache server to apply changes.

$ sudo service apache2 restart

TLS 1.3 is the most secure protocol and it is important to upgrade your website to support TLS 1.2 and TLS 1.3. Once you have made the switch, it is also necessary to explicitly disable TLS 1.0 and other protocols, so that your website does not continue to serve requests over these protocols.

Also read:

How to Force User to Change Password in Linux
Shell Script to Automate SSH Login
How to Pause Shell Script
How to Send HTML Mail using Python
How to List All Installed Packages in Ubuntu

Leave a Reply

Your email address will not be published.