In this tutorial we learn how to disable TLS 1.0 and 1.1 in Apache, Nginx or Tomcat. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are both cryptographic protocols that provide communication security over a network. For instance, when a client connects to a web server, a handshake takes place to start a TLS or SSL connection.
When the handshake happens, the client and server exchange multiple ciphers and hash algorithms. During this time the server also provides its digital certificate to the client.
During the Corona epidemic a lot of incidents happened due to hacking activity. Over the years, vulnerabilities have been discovered in the deprecated SSL and TLS protocols. For this reason you should disable TLS 1.0 and TLS 1.1, as well as SSLv2 and SSLv3, in your server configuration and enable TLS 1.2 or 1.3.
Disable TLS 1.0 and 1.1 or SSLv2 and SSLv3 in Apache
Here I am going to disable TLS 1.0 and 1.1 as well as SSLv2 and SSLv3 in Apache. You may need to change multiple locations, depending on your configuration.
I am going to make the change in the default Apache config file:
In Redhat/CentOS/Fedora
/etc/httpd/conf/httpd.conf
In Ubuntu/Debian
/etc/apache2/apache2.conf
If it is configured in a virtual host, you can find it here:
In Redhat/CentOS/Fedora
/etc/httpd/conf/sites-enabled
In Ubuntu/Debian
/etc/apache2/sites-enabled
Now find the “SSLProtocol” line in your configuration file and change it to the line below:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
Here Apache will enable all protocols and then disable SSLv2, SSLv3, TLS 1.0 and TLS 1.1.
Finally, restart the Apache/httpd service using the command below:
In Redhat/CentOS/Fedora
service httpd restart
In Ubuntu/Debian
service apache2 restart
Disable TLS 1.0 and 1.1 or SSLv2 and SSLv3 in Nginx
Here I am going to disable TLS 1.0 and 1.1 as well as SSLv2 and SSLv3 in Nginx. You may need to change multiple locations, depending on your configuration.
I am going to make the change in the default Nginx config file:
/etc/nginx/nginx.conf
Or it may be in an individual server block configuration:
/etc/nginx/sites-enabled/
Find the “ssl_protocols” line and modify it like below:
ssl_protocols TLSv1.2;
This line enables only the TLS 1.2 protocol. Once done, restart the Nginx service.
service nginx restart
Disable TLS 1.0 and 1.1 or SSLv2 and SSLv3 in Tomcat
You will need to modify the server.xml file in Tomcat to disable TLS 1.0 and 1.1.
Tomcat 5 & 6 (Prior to 6.0.38)
In the server.xml file make sure sslProtocols is set like below:
sslProtocols = "TLSv1.2"
Tomcat 6 & 7 (6.0.38 and newer)
Do the same here as in the configuration above. In the server.xml file make sure sslEnabledProtocols is set like below:
sslEnabledProtocols = "TLSv1.2"
Once done, restart the Tomcat service.
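To check a configuration file after editing it, the following added example (not part of the original tutorial) scans text for the three directives covered above and reports every line that still enables SSLv2, SSLv3, TLS 1.0 or TLS 1.1. The function names, the sample lines, the expansion of Apache's "all" keyword and the handling of a bare protocol name are assumptions of this example.

```python
import re

KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # versions the tutorial disables

def apache_protocols(value):
    """Apply +/- tokens left to right; "all" is assumed to mean every KNOWN name."""
    enabled = set()
    for token in value.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        names = {p for p in KNOWN if name.lower() in ("all", p.lower())}
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        elif names:  # assumption: a bare token replaces what was set before
            enabled = names
    return enabled

def list_protocols(value):
    """Nginx and Tomcat values are plain lists, space or comma separated."""
    return set(re.split(r"[\s,]+", value.strip())) & set(KNOWN)

DIRECTIVES = [  # (server, regex capturing the value, parser for that value)
    ("apache", re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.I), apache_protocols),
    ("nginx", re.compile(r"^\s*ssl_protocols\s+([^;]+);"), list_protocols),
    ("tomcat", re.compile(r'\bssl(?:Enabled)?Protocols\s*=\s*"([^"]*)"'), list_protocols),
]

def audit(text):
    """Return (line_no, server, legacy protocols still enabled) per weak line."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        for server, pattern, parse in DIRECTIVES:
            if m := pattern.search(raw.split("#", 1)[0]):  # ignore # comments
                legacy = [p for p in KNOWN if p in parse(m.group(1)) & LEGACY]
                if legacy:
                    findings.append((no, server, legacy))
    return findings

# Constructed sample: weak settings, plus this tutorial's Apache line (line 2).
SAMPLE = """\
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
<Connector port="8443" sslEnabledProtocols = "TLSv1,TLSv1.2" />"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

An empty result means none of the directives found in the text enables a legacy protocol; it does not cover settings inherited from other included files or XML comments in server.xml.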
That’s all!