Apache2 with Let's Encrypt certbot: disable TLS 1.0 and TLS 1.1

Phanix

Due to security issues, many browsers have begun dropping support for TLS 1.0 and TLS 1.1. Details can be found here.

When certbot is used to install an SSL certificate issued by Let's Encrypt, a check through https://www.ssllabs.com/ grades the site B, because the server still supports these two versions of TLS.

However, even after turning off TLSv1 and TLSv1.1 in SSLProtocol in the apache2 SSL settings (on Ubuntu 18.04, /etc/apache2/mods-enabled/ssl.conf), the check through ssllabs gives the same result. The reason is that the site config actually contains this line:

 Include /etc/letsencrypt/options-ssl-apache.conf

So the file that really needs to be changed is /etc/letsencrypt/options-ssl-apache.conf: turn off TLSv1 and TLSv1.1 in its SSLProtocol line.

 SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
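
One way to confirm which SSLProtocol line applies to a site, as an added example that is not from the original post: the Python sketch below follows literal Include paths from a site config in order and reports whether the last SSLProtocol directive it meets leaves TLS 1.0 or 1.1 enabled. The function names, the constructed file layout, the expansion of `all`, and the "last directive in the site config wins" simplification are assumptions; globbed or relative Include paths are not followed.

```python
import re
import tempfile
from pathlib import Path

LEGACY = {"TLSv1", "TLSv1.1"}
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}  # assumed expansion of "all"
DIRECTIVE = re.compile(r"\s*(SSLProtocol|Include)\s+(.+?)\s*$", re.I)

def enabled_protocols(args):
    """Evaluate SSLProtocol arguments left to right: +/- adjust, a bare name resets."""
    enabled = set()
    for tok in args.split():
        name = tok.lstrip("+-")
        group = ALL if name.lower() == "all" else {name}
        if tok.startswith("-"):
            enabled -= group
        elif tok.startswith("+"):
            enabled |= group
        else:
            enabled = set(group)
    return enabled

def directives(conf, seen=None):
    """Yield (file, args) per SSLProtocol line, following literal Include paths in order."""
    seen = set() if seen is None else seen
    conf = Path(conf)
    if conf in seen or not conf.is_file():
        return
    seen.add(conf)
    for line in conf.read_text().splitlines():
        m = DIRECTIVE.match(line)
        if m and m.group(1).lower() == "include":
            yield from directives(m.group(2).strip('"'), seen)
        elif m:
            yield str(conf), m.group(2)

def audit(site_conf):
    """Return (file holding the last SSLProtocol line, legacy versions it leaves on)."""
    found = list(directives(site_conf))
    path, args = found[-1] if found else (None, "")
    return path, sorted(enabled_protocols(args) & LEGACY)

def demo(options_line):
    """Constructed layout: a site config that includes a certbot-style options file."""
    with tempfile.TemporaryDirectory() as d:
        opts = Path(d, "options-ssl-apache.conf")
        opts.write_text(f"# constructed sample\n{options_line}\n")
        site = Path(d, "site-le-ssl.conf")
        site.write_text(f"<VirtualHost *:443>\n  Include {opts}\n</VirtualHost>\n")
        return audit(site)[1]
```

On a real server, call `audit()` with the path of the site config that contains the Include line; an empty list means the winning directive enables neither legacy version.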

Original link: Phanix's Blog

CC BY-NC-ND 2.0
