enable tls1.0 and tls1.1 in apache

moh3en

9/2/24, 5:30 AM

I cannot enable tls 1.0 and 1.1 on my server. configuration:

SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite          @SECLEVEL=1:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES25-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

openssl version :

OpenSSL 1.0.2k-fips  26 Jan 2017

apache version:

Server version: Apache/2.4.57

What I'm doing wrong?

0 + 2

ssl

mod-ssl

openssl

ssl-certificate

apache-2.4

dave_thompson_085

9/2/24, 7:20 AM

I'm not sure I agree with the close (to me this is borderline) but anyway: the ciphersuites in your directive are all AEAD (either AES-GCM or CHACHA/POLY) and **AEAD suites don't exist in TLS 1.0 or 1.1**. AEAD suites only exist in 1.2 and 1.3 -- and the 1.3 suites are different from the 1.2 suites, so this list wouldn't work in 1.3 even if you used an OpenSSL version that supports 1.3.

moh3en

9/2/24, 7:27 AM

@dave_thompson_085 What is your suggestion for four protocols to be supported?

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: enable tls1.0 and tls1.1 in apache

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.