logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: How to disable TLS1.0 on specific port in linux(RHEL)
Author
AshokRaja



Joined: 02 Nov 2022
Posts: 1
Location: India

PostPosted: Wed 02 Nov '22 10:16    Post subject: How to disable TLS1.0 on specific port in linux(RHEL) Reply with quote

We are running our java application on RHEL 8.5 OS platform. And we made the changes in Apache's ssl.conf file like below,

Code:

SSLProtocol -ALL +TLSv1.2
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:AES256-CCM:DHE-RSA-AES256-CCM


We used some commands to verify whether we are using TLS1.0 and TLs1.1 protocols or not. As expected, we got positive results that both protocols are disabled. Please find the below commands which we used to verify,

Code:

1. openssl s_client -connect <IP_ADDRESS>:8443 -tls1

2. nmap -sV --script ssl-enum-ciphers -p 8443 <IP_ADDRESS>


But during the vulnerability scan(Nessus Scan), we got that a port is usnig TLS1.0 protocol.

Please let me know how to block TLS1.0 protocol on a specific port?

Thanks.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Thu 12 Jan '23 13:46    Post subject: Reply with quote

For a single vhost? Or for an IP?
Back to top


Reply to topic   Topic: How to disable TLS1.0 on specific port in linux(RHEL) View previous topic :: View next topic
Post new topic   Forum Index -> Apache