To disable or enable the SSL/TLS protocols (SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 and TLS 1.3), edit the SSL configuration file on your Ubuntu/Apache/Linux server.
First locate the SSL configuration file. It is usually found at the path below:
/etc/apache2/sites-enabled/*.conf
Note: If it is not found there, check any of the locations below.
Main -> httpd.conf file
/etc/httpd/conf.d
/etc/httpd/conf.d/web.conf
You can edit the configuration file in any editor you prefer, make the change to enable/disable the required protocols, and save it.
The configuration file has the format below, with a VirtualHost section.
<VirtualHost *:443>
ServerName www.yourdomain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/apache2/certificates/certificate.crt
SSLCertificateKeyFile /etc/apache2/certificates/certificate.key
SSLCertificateChainFile /etc/apache2/certificates/intermediate.crt
</VirtualHost>
Add the line below under SSLEngine to set the SSL protocols.
Syntax: SSLProtocol +/-{Protocol Name}
To Enable Only TLS 1.0:
SSLProtocol +TLSv1
- This allows only the TLS 1.0 protocol.
Note: This disables all other protocols, so there is no need to write them out like this:
SSLProtocol -SSLv2 -SSLv3 -TLSv1.1 -TLSv1.2 +TLSv1
To Enable Only TLS 1.1:
SSLProtocol +TLSv1.1
- This allows only the TLS 1.1 protocol.
Note: This disables all other protocols, so there is no need to write them out like this:
SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.2 +TLSv1.1
To Enable Only TLS 1.2:
SSLProtocol +TLSv1.2
- This allows only the TLS 1.2 protocol.
Note: This disables all other protocols, so there is no need to write them out like this:
SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2
To Enable TLS 1.1 and TLS 1.2:
SSLProtocol +TLSv1.1 +TLSv1.2
- This allows only the TLS 1.1 and TLS 1.2 protocols.
Note: This disables all other protocols, so there is no need to write them out like this:
SSLProtocol -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2
To Enable TLS 1.0, TLS 1.1 and TLS 1.2:
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
- This allows only the TLS 1.0, TLS 1.1 and TLS 1.2 protocols.
Note: This disables all other protocols, so there is no need to write them out like this:
SSLProtocol -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
Example virtual host file which allows only TLS 1.1 and TLS 1.2:
<VirtualHost *:443>
ServerName www.yourdomain.com
DocumentRoot /var/www/html
SSLEngine on
SSLProtocol +TLSv1.1 +TLSv1.2
SSLCertificateFile /etc/apache2/certificates/certificate.crt
SSLCertificateKeyFile /etc/apache2/certificates/certificate.key
SSLCertificateChainFile /etc/apache2/certificates/intermediate.crt
</VirtualHost>
After changing the VirtualHost configuration file, you need to restart Apache. To restart the Apache service, run the command below in the PuTTY command window.
sudo service apache2 restart
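To check what a given SSLProtocol line actually enables before restarting, the sketch below (an added example, not code from the original article or from Apache) applies the +/- tokens left to right starting from an empty set, which is why a lone +TLSv1.2 leaves only TLS 1.2 enabled, and reports any enabled protocol that has since been deprecated. The function names, the expansion of "all" and the sample input are assumptions made for illustration.

```python
import re

# What "all" expands to depends on the Apache/OpenSSL build; this set is an
# assumption for illustration. SSLv2 is kept because the article's lines use it.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
KNOWN = {name.lower(): name for name in ALL | {"SSLv2"}}
# Deprecated by RFC 6176 (SSLv2), RFC 7568 (SSLv3) and RFC 8996 (TLS 1.0/1.1).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def effective_protocols(args):
    """Apply SSLProtocol tokens left to right, starting from an empty set."""
    enabled = set()
    for token in args.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        if name.lower() == "all":
            group = set(ALL)
        elif name.lower() in KNOWN:
            group = {KNOWN[name.lower()]}
        else:
            raise ValueError(f"unknown protocol {name!r}")
        if sign == "+":
            enabled |= group
        elif sign == "-":
            enabled -= group
        else:  # a bare name replaces whatever was set before it
            enabled = group
    return enabled

def audit(conf_text):
    """Return (line_no, enabled, deprecated_enabled) for each SSLProtocol line."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+)", line, re.IGNORECASE)
        if m:  # commented-out lines start with '#' and do not match
            enabled = effective_protocols(m.group(1))
            findings.append((no, enabled, enabled & DEPRECATED))
    return findings

# Constructed sample based on the article's example virtual host.
SAMPLE = """<VirtualHost *:443>
ServerName www.yourdomain.com
SSLEngine on
SSLProtocol +TLSv1.1 +TLSv1.2
</VirtualHost>"""

if __name__ == "__main__":
    for no, enabled, old in audit(SAMPLE):
        print(f"line {no}: enabled={sorted(enabled)} deprecated={sorted(old)}")
```
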