How to Disable/Enable SSL/TLS protocols in Ubentu/Apache/Linux Server?

How to Disable/Enable SSL/TLS protocols in Ubentu/Apache/Linux Server?

November 5, 2019 by Karthik3 Comments

To Disable/Enable the SSL/TLS protocols those are SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 and TLS 1.3, you should configure the SSL setting configuration file in Ubentu/Apache/Linux Server.

You must first locate the SSL configuration file location. You can find the configuration file in below path,

/etc/apache2/sites-enabled/*.conf

Note: If not found check any of below location.

Main -> httpd.conf file
/etc/httpd/conf.d
/etc/httpd/conf.d/web.conf

You can edit the configuration file any of your preferred editor and have make the change to enable/disable the required protocols and save it again.

The Config file Format is like below with VirtualHost Section.

<VirtualHost *:443>
   ServerName www.yourdomain.com
   DocumentRoot /var/www/html
   SSLEngine on
   SSLCertificateFile /etc/apache2/certificates/certificate.crt
   SSLCertificateKeyFile /etc/apache2/certificates/certificate.key       
   SSLCertificateChainFile /etc/apache2/certificates/intermediate.crt 
</VirtualHost>

You need to add the below line under the SSLEngine to set SSL Protocols

Syntax:
SSLProtocol +/-{Protocol Name}

To Enable Only TLS 1.0:

SSLProtocol +TLSv1

This will only allow TLS 1.0 protocol.

Note: This will disable all other protocols, so you no need to mention like

SSLProtocol -SSLv2 -SSLv3 -TLSv1.1 -TLSv1.2 +TLSv1

To Enable Only TLS 1.1:

SSLProtocol +TLSv1.1

This will only allow TLS 1.1 protocol.

Note: This will disable all other protocols, so you no need to mention like

SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.2 +TLSv1.1

To Enable Only TLS 1.2:

SSLProtocol +TLSv1.2

This will only allow TLS 1.2 protocol.

Note: This will disable all other protocols, so you no need to mention like

SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2

To Enable TLS 1.1 and TLS 1.2:

SSLProtocol +TLSv1.1 +TLSv1.2

This will only allow TLS 1.1 and TLS 1.2 protocols.

Note: This will disable all other protocols, so you no need to mention like

SSLProtocol -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2

To Enable TLS 1.0, TLS 1.1 and TLS 1.2:

SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2

This will only allow TLS 1.0, TLS 1.1 and TLS 1.2 protocols.

Note: This will disable all other protocols, so you no need to mention like

SSLProtocol -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2

Example Virtual Host File which only allows TLS 1.1 and TLS 1.2

<VirtualHost *:443>
   ServerName www.yourdomain.com
   DocumentRoot /var/www/html
   SSLEngine on
   SSLProtocol +TLSv1.1 +TLSv1.2 
   SSLCertificateFile /etc/apache2/certificates/certificate.crt
   SSLCertificateKeyFile /etc/apache2/certificates/certificate.key 
   SSLCertificateChainFile /etc/apache2/certificates/intermediate.crt 
</VirtualHost>

Once changed this VirtualHost configuration file, you need to restart the apache. To restart the apache service use below command in Putty Command Window.

sudo service apache2 restart

Karthik

He is a product manager at a reputed software company and a freelance blog writer. He is experienced in different technologies, web securities, and web applications. He keeps learning and make himself up to date on the latest technologies, news, health, and fitness. This encouraged him to share his experiences by writing articles.

3 thoughts on “How to Disable/Enable SSL/TLS protocols in Ubentu/Apache/Linux Server?”

Pingback: Server Bug Fix: How can I disable TLS 1.0 and 1.1 in apache? - TECHPRPR
Pingback: TLS 1.2 Supported OS and Browsers | Security Best Practices - EK's Blog
Celebrities says:

October 4, 2020 at 8:45 am

Just wish to say your article is as astonishing. The clearness in your submit is simply excellent and i could suppose you are knowledgeable in this subject. Fine together with your permission let me to grab your RSS feed to stay up to date with forthcoming post. Thank you a million and please keep up the gratifying work.

Reply

Leave a Reply Cancel reply

Back To Top

%d bloggers like this: