Thanks for your answer, Stefan.
So I would suggest to make the documentation of SSLProtocol clear like this:
"
You need to name the 'highest' protocol and the 'lowest' protocol, and all
protocols in between them, without gap.
E.g. if You want to support TLSv1.2 and TLSv1.0, you need to set
SSL
;
> Any suggestion how I can have TLSv1.2 and TLSv1.0 support, but no TLSv1.1
> support at the same time?
>
>
>> Gesendet: Mittwoch, 02. Juni 2021 um 17:29 Uhr
>> Von: "Hildegard Meier"
>> An: users@httpd.apache.org
>> Betreff: [users@httpd] Newer Apache doe
at the same time?
> Gesendet: Mittwoch, 02. Juni 2021 um 17:29 Uhr
> Von: "Hildegard Meier"
> An: users@httpd.apache.org
> Betreff: [users@httpd] Newer Apache does not offer TLS cipher with TLSv1
> anymore
>
> Hello,
>
> we host a website which clients stil
When changing
SSLProtocol -all +TLSv1.2 +TLSv1
to
SSLProtocol -all +TLSv1
then TLSv1.0 support is there:
sslscan gives:
Supported Server Cipher(s):
Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits AES
P.S.
OpenSSL seems to offer the cipher ECDHE-RSA-AES256-SHA via TLSv1 on the new
server (Ubuntu 18):
openssl ciphers -v -s -tls1 | grep '^ECDHE-RSA-AES256-SHA '
ECDHE-RSA-AES256-SHATLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
-
Hello,
we host a website which clients still need to use the cipher
ECDHE-RSA-AES256-SHA
with protocol "TLSv1.0" aka "TLSv1".
With our old Apache server that worked. Spec:
Ubuntu 14.04 LTS
Apache 2.4.7-1ubuntu4.22
OpenSSL 1.0.1f-1ubuntu2.27
Apache config:
SSLProtocol -all +TL
