Score:-1

Enable TLS 1.0 and TLS 1.1 in Apache


I cannot enable TLS 1.0 and 1.1 on my server. Configuration:

```
SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          @SECLEVEL=1:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES25-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
```

OpenSSL version:

```
OpenSSL 1.0.2k-fips  26 Jan 2017
```

Apache version:

```
Server version: Apache/2.4.57
```

What am I doing wrong?

dave_thompson_085
I'm not sure I agree with the close (to me this is borderline) but anyway: the ciphersuites in your directive are all AEAD (either AES-GCM or CHACHA/POLY) and **AEAD suites don't exist in TLS 1.0 or 1.1**. AEAD suites only exist in 1.2 and 1.3 -- and the 1.3 suites are different from the 1.2 suites, so this list wouldn't work in 1.3 even if you used an OpenSSL version that supports 1.3.
moh3en
@dave_thompson_085 What is your suggestion for four protocols to be supported?
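
The point made in the comment above, as an added example that is not part of the original thread: a name-based check of which suites in an `SSLCipherSuite` value could be negotiated below TLS 1.2. The function names and `MIXED_LIST` are assumptions made for this illustration; PSK/SRP suites and aliases such as `HIGH` are reported as unresolved.

```python
import re

# The SSLCipherSuite value from the question, copied as posted.
QUESTION_LIST = (
    "@SECLEVEL=1:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES25-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
)
# Constructed comparison list: one AEAD suite plus one CBC/HMAC-SHA1 suite.
MIXED_LIST = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA"


def min_protocol(suite):
    """Lowest protocol that can negotiate an OpenSSL-style suite name.

    Name-based heuristic (assumption): it does not check that the suite
    exists in your OpenSSL build. Returns None when the name cannot decide.
    """
    if suite.startswith("TLS_"):
        return "TLSv1.3"                  # 1.3 suites use their own names
    parts = suite.upper().split("-")
    if len(parts) < 2 or "+" in suite or "PSK" in parts or "SRP" in parts:
        return None                       # alias (HIGH, ECDHE+AESGCM) or PSK/SRP
    if any(p.startswith(("GCM", "CCM", "CHACHA20")) for p in parts):
        return "TLSv1.2"                  # AEAD: not defined before TLS 1.2
    if parts[-1] in ("SHA256", "SHA384"):
        return "TLSv1.2"                  # CBC with HMAC-SHA2: also 1.2 only
    return "TLSv1.0"                      # HMAC-SHA1/MD5 suites work in 1.0/1.1


def audit(cipher_string):
    """Group the explicitly named suites in a cipher string by lowest protocol."""
    groups = {"TLSv1.0": [], "TLSv1.2": [], "TLSv1.3": [], "unresolved": []}
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if not token or token[0] in "@!-":
            continue                      # @SECLEVEL=1 etc. and removals name no suite
        groups[min_protocol(token) or "unresolved"].append(token)
    return groups


def usable_below_tls12(cipher_string):
    """Suites from the list that a TLS 1.0 or 1.1 handshake could select."""
    return audit(cipher_string)["TLSv1.0"]


if __name__ == "__main__":
    for name, value in (("question", QUESTION_LIST), ("mixed", MIXED_LIST)):
        print(name, "->", usable_below_tls12(value) or "no TLS 1.0/1.1 suites")
```
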