Am 14.10.2020 um 10:56 schrieb Thomas Plant:
Hello,
I have a virtualhost where i need to allow only TLSv1.2.
Tried following config:
<VirtualHost *:443>
ServerName xxxxxx
ServerAlias xxxxxx
..
.. cut rest to shorten a bit
..
SSLEngine On
SSLProtocol -all +TLSv1.2
SSLCertificateFile /etc/letsencrypt/live/xxxxx/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xxxxxx/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/xxxxxx/chain.pem
</VirtualHost>
But when I do a test with "nmap --script ssl-enum-ciphers -p 443
URLofSite | grep TLSv" I always see that TLSv1.1 is still activated.
Also tested with other tools like ssllabs.com....
As found on serverfault.com I tried the following directive too but
without success: |
| SSLOpenSSLConfCmd Protocol "-ALL, TLSv1.2"|
|Seems that the generic config file in /etc/httpd/conf.d/ssl.conf
always overrides my settings in the virtualhost?
Thanks for any help,
Thomas
Sorry, forgot to post essential Information: httpd is version 2.4.46
from ius repo. OS is CentOS 7.
