Due to vulnerabilities such as POODLE (CVE-2014-3566) in SSL 2.0 and SSL 3.0, the latest browsers have removed support for these vulnerable protocols. That's why I recommend moving your server to TLS version 1.2.
In this article I will show how you can enable TLS 1.2 in the Apache web server.
Enable TLS 1.2 in Apache
To enable TLS 1.2 in Apache, edit the VirtualHost section for your domain in the SSL configuration and add the SSLProtocol directive shown below. This enables only TLS 1.2 for your Apache web server and disables all older protocols.
SSLProtocol -all +TLSv1.2
Your Apache VirtualHost will then look like this:
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLProtocol -all +TLSv1.2
    SSLCertificateFile /etc/httpd/cert.pem
    SSLCertificateKeyFile /etc/httpd/privkey.pem
</VirtualHost>
Restart Apache service
Now restart the Apache web service to apply the changes.
# service httpd restart
Enable TLS 1.1 and TLS 1.2 in Apache
If you want to enable both TLS 1.1 and TLS 1.2 on your development server, configure your VirtualHost section as shown below.
SSLProtocol -all +TLSv1.1 +TLSv1.2
Your VirtualHost file will look like this:
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLProtocol -all +TLSv1.1 +TLSv1.2
    SSLCertificateFile /etc/httpd/cert.pem
    SSLCertificateKeyFile /etc/httpd/privkey.pem
</VirtualHost>
Restart Apache web service to apply the changes.
# service httpd restart
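The following Python check is an added example, not part of the original article: it evaluates each SSLProtocol line token by token, as in the two configurations above, and reports which scopes still enable SSLv3, TLS 1.0 or TLS 1.1. The sample configuration, the function names, the expansion of "all" and the handling of a bare token (no + or -) as replacing the set are assumptions made for this illustration.

```python
import re

ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}  # assumed expansion of "all" (TLSv1.3 omitted)
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}          # protocols the article moves away from
CANON = {p.lower(): p for p in ALL}             # protocol names are matched case-insensitively

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right, starting with nothing enabled."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = ALL if name.lower() == "all" else {CANON.get(name.lower(), name)}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:  # bare token: treated here as replacing the set (assumption)
            enabled = set(group)
    return enabled

def audit(conf_text):
    """Return {scope: sorted legacy protocols still enabled} per SSLProtocol line."""
    findings, scope = {}, "global"
    for line in conf_text.splitlines():
        line = line.strip()
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            scope = m.group(1)
        elif re.match(r"</VirtualHost>", line, re.I):
            scope = "global"
        elif re.match(r"SSLProtocol\s", line, re.I):
            findings[scope] = sorted(effective_protocols(line.split(None, 1)[1]) & LEGACY)
    return findings

# Constructed sample: a server-wide line plus the two VirtualHost variants from the article
SAMPLE = """\
SSLProtocol all -SSLv3
<VirtualHost *:443>
    SSLProtocol -all +TLSv1.2
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol -all +TLSv1.1 +TLSv1.2
</VirtualHost>
"""

if __name__ == "__main__":
    for scope, legacy in audit(SAMPLE).items():
        print(scope, "OK" if not legacy else "legacy enabled: " + ", ".join(legacy))
```

An empty list for a scope means only TLS 1.2 (or newer) remains enabled there; this checks the configuration text only, not what the running server actually negotiates.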
Hi, I use Apache in Ubuntu 18.04 Localhost for testing websites locally. So how to get those .pem files for my local testing??
Hi, this looks good. But it's not working in Apache 2.2. We need some extra configuration, like in the SSL.conf files, and add the line SSLProtocol -all +TLSv1.2 and restart Apache. Then it is working.