Apache – How to Disable TLS 1.1 & 1.2 in Apache

apache-2.2mod-sslopensslssltls

I have an Ubuntu 12.04.2 LTS server running Apache 2.2.22 with mod_ssl and OpenSSL v1.0.1.

In my vhosts config (everything else within which behaves as I would expect), I have the SSLProtocol line with -all +SSLv3.

With that configuration, TLS 1.1 & 1.2 are enabled and work correctly – which is counter-intuitive to me, as I would expect that only SSLv3 would be enabled given that configuration.

I can enable/disable TLSv1 just fine with -/+TSLv1, and it works as expected. But +/-TLSv1.1 and +/-TLSv1.2 are not valid configuration options – so I can't disable them that way.

As for why I'd want to do this – I'm dealing with a third party application (which I have no control over) that has some buggy behavior with TLS enabled servers, and I need to completely disable it to move forward.

Best Answer

Intrigued by this bug (and yes, I've been able to reproduce it) I've taken a look at the source code for the latest stable version of mod_ssl and found an explanation. Bear with me, this is gonna get amateur-stack-overflowish:

When the SSLProtocol has been parsed, it results in a char looking something like this:

0 1 0 0
^ ^ ^ ^
| | | SSLv1
| | SSLv2
| SSLv3
TLSv1

Upon initiating a new server context, ALL available protocols will be enabled, and the above char is inspected using some nifty bitwise AND operations to determine what protocols should be disabled. In this case, where SSLv3 is the only protocol to have been explicitly enabled, the 3 others will be disabled.

OpenSSL supports a protocol setting for TLSv1.1, but since the SSLProtocol does not account for this options, it never gets disabled. OpenSSL v1.0.1 has some known issues with TLSv1.2 but if it's supported I suppose the same goes for that as for TLSv1.1; it's not recognized/handled by mod_ssl and thus never disabled.

Source Code References for mod_ssl:

SSLProtocol gets parsed at line 925 in pkg.sslmod/ssl_engine_config.c
The options used in the above function is defined at line 444 in pkg.sslmod/mod_ssl.h
All protocols gets enabled at line 586 in pkg.sslmod/ssl_engine_init.c whereafter specific protocols gets disabled on the subsequent lines

How to disable it then?

You have a few options:

Disable it in the OpenSSL config file with:
Protocols All,-TLSv1.1,-TLSv1.2
Rewrite mod_ssl ;-)

Related Solutions

Apache – Disable SSLCompression to Defend Against CRIME/BEAST

On March 4, 2013, Red Hat provided updated OpenSSL packages which address this issue. You can receive them through your normal update channels.

The original answer was:

Red Hat has not provided an updated package which provides this functionality, though there is a workaround available. Edit the /etc/sysconfig/httpd file and add this line to it:

export OPENSSL_NO_DEFAULT_ZLIB=1

Then restart Apache:

service httpd restart

This will cause OpenSSL, which provides crypto functions for Apache, to not offer compression.

Ssl – Internet Explorer 8 – TLS Fatal Error Close Notify – Oracle HTTP – Server Apache 2.2.22.0

SSLCipherSuite ALL:+HIGH:-MEDIUM:-LOW:-SSLv2:-SSLv3

Since you disable all SSL 3.0 ciphers and since TLS 1.0 and TLS 1.1 just use the SSL 3.0 ciphers and since IE 8 does not support TLS 1.2 there will be no shared ciphers. You will probably find some error messages about this in your log files.

Note, that the POODLE attack is a design flaw in the SSL 3.0 protocol, not in the SSL 3.0 ciphers. Thus you should only disable the protocol, not the ciphers.

Also, your current cipher suite includes very dangerous ciphers, because it includes ADH ciphers which don't require any form of identification of the server. With such ciphers man-in-the-middle attacks are possible.

Edit: in your comment you mention that the client is using Windows 7. Windows 7 should support TLS 1.2 but since the client obviously did not do much updates on the system (otherwise there would be no IE 8 in use) it might be that there are problems with IE 8 and TLS 1.2.