apache2 with letsencrypt certbot disable TLS 1.0 and TLS 1.1
Due to security issues, many browsers have begun to not support TLS 1.0 and TLS 1.1. Details can be found here .
When using certbot to install the ssl certificate issued by letsencrypt, when checking through https://www.ssllabs.com/ , it will be marked as B because the system also supports these two versions of TLS.
But open apache2 ssl settings (ubuntu 18.04 in /etc/apache2/mods-enable/ssl.conf) even if the SSLProtocol is turned off TLSv1 TLSv1.1, the check through ssllabs is still the same. The reason is that it is actually added in the site config
Include /etc/letsencrypt/options-ssl-apache.conf
So what really needs to be changed is /etc/letsencrypt/options-ssl-apache.conf, just turn off TLSv1 TLSv1.1 in the SSLProtocol line.
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
Original link: Phanix's Blog
Like my work? Don't forget to support and clap, let me know that you are with me on the road of creation. Keep this enthusiasm together!
