How can I disable SSLv1, SSLv2 and SSLv3 protocols on Apache 2.4.9 installed on a Windows Server 2008 R2 as a service? (I am not using IIS.)
I still want to have TLSv1.2 protocol on my server.
Here are some of my environment variables:
SERVER_SOFTWARE Apache/2.4.9 (Win32) PHP/5.5.12 OpenSSL/1.0.1g
SSL_PROTOCOL TLSv1.2
Registered Stream Socket Transports tcp, udp, ssl, sslv3, sslv2, tls
Best Answer
In
conf.d/ssl.conf
,conf/extra/httpd-ssl.conf
, or wherever else you have your mod_ssl settings configured:SSLv1 isn't a thing in mod_ssl. The
All
directive is a shortcut for+SSLv2 +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
, hence the manual removal of v2 and v3.