Ssl – How to disable TLSv1 and enable TLSv1.2 in apache 2.2.29

SSLCipherSuite ALL:+HIGH:-MEDIUM:-LOW:-SSLv2:-SSLv3

Since you disable all SSL 3.0 ciphers and since TLS 1.0 and TLS 1.1 just use the SSL 3.0 ciphers and since IE 8 does not support TLS 1.2 there will be no shared ciphers. You will probably find some error messages about this in your log files.

Note, that the POODLE attack is a design flaw in the SSL 3.0 protocol, not in the SSL 3.0 ciphers. Thus you should only disable the protocol, not the ciphers.

Also, your current cipher suite includes very dangerous ciphers, because it includes ADH ciphers which don't require any form of identification of the server. With such ciphers man-in-the-middle attacks are possible.

Edit: in your comment you mention that the client is using Windows 7. Windows 7 should support TLS 1.2 but since the client obviously did not do much updates on the system (otherwise there would be no IE 8 in use) it might be that there are problems with IE 8 and TLS 1.2.

It's a little bit old but if this can help someone... Here we go!

It is more related to the first "-" character codification, it is not a standard UTF-8 Minus sign, and Apache does it not recognizes it.

SSLProtocol All **–**TLSv1 -SSLv2 -SSLv3

This is the error I get in my server:

Syntax error on line 162 of /etc/httpd/vhosts.d/test.conf:
SSLProtocol: Illegal protocol '\xe2\x80\x93TLSv1'

Just remove it and write a Minus sign manually, without pasting it from another source. This worked for me.

Thanks and best regards!