Solution to have TLSv1.2 and TLSv1.0 support together again with Apache 2.4.29
on Ubuntu 18:
Changing
SSLProtocol -all +TLSv1.2 +TLSv1
to
SSLProtocol -all +TLSv1.2 +TLSv1.1 +TLSv1
This gives the following sslscan output:
Supported Server Cipher(s):
Preferred
When changing
SSLProtocol -all +TLSv1.2 +TLSv1
to
SSLProtocol -all +TLSv1
then TLSv1.0 support is there:
sslscan gives:
Supported Server Cipher(s):
Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits AES
P.S.
OpenSSL seems to offer the cipher ECDHE-RSA-AES256-SHA via TLSv1 on the new
server (Ubuntu 18):
openssl ciphers -v -s -tls1 | grep '^ECDHE-RSA-AES256-SHA '
ECDHE-RSA-AES256-SHATLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
-
