I am trying to enable ONLY TLS 1.2 on Ubuntu 16.04 with Apache 2.4. I have read other similar questions, but the implementations in them do not work here.
Currently TLS 1, 1.1, and 1.2 are enabled. No matter how I change my /etc/apache2/mods-enabled/ssl.conf
(I also changed the one under mods-available
), and the enabled protocols do not change when testing.
I've tried all sorts of configs, including:
SSLProtocol TLSv1.2
SSLProtocol all -TLSv1 -TLSv1.1 -SSLv3
SSLProtocol TLSv1.1 TLSv1.2
I've also restarted the apache service, even restarted the device as well. And verified the config via apache2ctl -t
.
Why is this? How can I disable these? Is there some other config location?
Note: There are no other ssl.conf
on the system, only the ones under the apache2
directory where found via find
.
Best Answer
Since I was using
certbot
from Lets Encrypt, the SSL config was located at/etc/letsencrypt/options-ssl-apache.conf
.