Package: apache2
Version: 2.4.38-3

Hi,

I was expecting TLS 1.0 and 1.1 to be disabled, since that's the
OpenSSL default. But it seems that apache2 always calls
SSL_CTX_set_min_proto_version, with the lowest version that's
enabled in the config file, even if the config file doesn't
actually set it.

Could you change the default to:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

It might not fix it for everybody. I have an
/etc/letsencrypt/options-ssl-apache.conf file that also has an
SSLProtocol line in it.


Kurt
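
An added example, not part of the original report and not apache2 code: a small audit that finds every SSLProtocol line in a set of config files, including an extra file such as the letsencrypt one mentioned above, and reports the lowest protocol each line leaves enabled. Assumptions: `all` expands to the five protocols listed in `ORDER`, tokens are applied left to right with an unprefixed token replacing the set, and the sample file contents and the names `site-a.conf` and `proposed.conf` are constructed.

```python
import re

# Ordered oldest to newest; the index doubles as a rank for "lowest enabled".
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
# Assumption: "all" expands to every protocol in ORDER; the real set depends on
# the Apache and OpenSSL build. Names outside ORDER (e.g. SSLv2) match nothing.
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right and return the enabled set."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        names = set(ORDER) if name == "all" else {p for p in ORDER if p.lower() == name}
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        else:
            enabled = set(names)  # unprefixed token replaces what came before
    return enabled

def lowest_enabled(args):
    on = enabled_protocols(args)
    return min(on, key=ORDER.index) if on else None

def audit(configs, floor="TLSv1.2"):
    """Return (file, line number, lowest protocol) for lines below the floor."""
    findings = []
    for path, text in configs.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            m = DIRECTIVE.match(line)  # commented-out directives do not match
            low = lowest_enabled(m.group(1)) if m else None
            if low is not None and ORDER.index(low) < ORDER.index(floor):
                findings.append((path, lineno, low))
    return findings

# Constructed sample contents, not copied from any real installation.
SAMPLE = {
    "site-a.conf": "# SSLProtocol TLSv1.2\nSSLProtocol all -SSLv3\n",
    "/etc/letsencrypt/options-ssl-apache.conf": "SSLProtocol all -SSLv2 -SSLv3\n",
    "proposed.conf": "SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s:%d lowest enabled protocol is %s" % finding)
```

This checks configuration text only; it does not show which file's directive wins for a given virtual host.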
