Please enable JavaScript. Many features of this site will not work with JavaScript disabled including comment submissions, contact forms, and login forms.

Smart Design + Smart Code

Can’t Disable Old Versions of SSL/TLS in Apache

Camille Spain

Full-stack engineer, designer, marketer. Helping small organizations build experiences that work in the digital age.

So you changed your SSLProtocol directive to disable outdated SSL/TLS versions in Apache, but testing tools are still showing the old protocols enabled. I ran into this problem while upgrading a server recently.

It could be as simple as an unedited SSLProtocol entry. Use grep to see if you missed one. In my case, the problem was in the Let’s Encrypt configuration file /etc/letsencrypt/options-ssl-apache.conf.

Response

  1. Mark
    Reply

    Thanks for your blog, nice to read. Do not stop.

Leave a Reply

Your email address will not be published. Required fields are marked *