How to Disable/Enable SSL/TLS protocols in Ubentu/Apache/Linux Server?

Technical

To Disable/Enable the SSL/TLS protocols those are SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 and TLS 1.3, you should configure the SSL setting configuration file in Ubentu/Apache/Linux Server.

You must first locate the SSL configuration file location. You can find the configuration file in below path,

/etc/apache2/sites-enabled/*.conf

Note: If not found check any of below location.

Main -> httpd.conf file
/etc/httpd/conf.d
/etc/httpd/conf.d/web.conf

You can edit the configuration file any of your preferred editor and have make the change to enable/disable the required protocols and save it again.

The Config file Format is like below with VirtualHost Section.

<VirtualHost *:443>
   ServerName www.yourdomain.com
   DocumentRoot /var/www/html
   SSLEngine on
   SSLCertificateFile /etc/apache2/certificates/certificate.crt
   SSLCertificateKeyFile /etc/apache2/certificates/certificate.key       
   SSLCertificateChainFile /etc/apache2/certificates/intermediate.crt 
</VirtualHost>

You need to add the below line under the SSLEngine to set SSL Protocols

Syntax:
SSLProtocol +/-{Protocol Name}

To Enable Only TLS 1.0:

SSLProtocol +TLSv1

  •  This will only allow TLS 1.0 protocol.

Note: This will disable all other protocols, so you no need to mention like

SSLProtocol -SSLv2 -SSLv3 -TLSv1.1 -TLSv1.2 +TLSv1

To Enable Only TLS 1.1:

SSLProtocol +TLSv1.1

  • This will only allow TLS 1.1 protocol.

Note: This will disable all other protocols, so you no need to mention like

SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.2 +TLSv1.1

To Enable Only TLS 1.2:

SSLProtocol +TLSv1.2

  • This will only allow TLS 1.2 protocol.

Note: This will disable all other protocols, so you no need to mention like

SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2

To Enable TLS 1.1 and TLS 1.2:

SSLProtocol +TLSv1.1 +TLSv1.2

  • This will only allow TLS 1.1 and TLS 1.2 protocols.

Note: This will disable all other protocols, so you no need to mention like

SSLProtocol -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2

To Enable TLS 1.0, TLS 1.1 and TLS 1.2:

SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2

  • This will only allow TLS 1.0, TLS 1.1 and TLS 1.2 protocols.

Note: This will disable all other protocols, so you no need to mention like

SSLProtocol -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2

Example Virtual Host File which only allows TLS 1.1 and TLS 1.2

<VirtualHost *:443>
   ServerName www.yourdomain.com
   DocumentRoot /var/www/html
   SSLEngine on
   SSLProtocol +TLSv1.1 +TLSv1.2 
   SSLCertificateFile /etc/apache2/certificates/certificate.crt
   SSLCertificateKeyFile /etc/apache2/certificates/certificate.key 
   SSLCertificateChainFile /etc/apache2/certificates/intermediate.crt 
</VirtualHost>

Once changed this VirtualHost configuration file, you need to restart the apache.  To restart the apache service use below command in Putty Command Window.

sudo service apache2 restart

Advertisements

Published by Karthik

Myself is working in reputed software company. I have experienced in web technologies, website hosting, and website securities. I'm passionate about writing blogs on web technologies, trending topics, and some useful things which myself experiencing in my regular life.

Published

One thought on “How to Disable/Enable SSL/TLS protocols in Ubentu/Apache/Linux Server?

  1. Pingback: Server Bug Fix: How can I disable TLS 1.0 and 1.1 in apache? - TECHPRPR

Leave a Reply