Topic: SSLProtocol: Illegal protocol '"TLSv1.1"'

[aneesh_new]

Hello All,

I am using Redhat 7.3/Apache 2.2.29/OpenSSL 1.0.1e-fips 11 Feb 2013.

Iam have a vulnerability which says SSL/TLS Server supports TLSv1.0. To remediate this i tried to add the line "SSLProtocol All -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2" in httpd.conf and restarted apache. But restart throws the error SSLProtocol: Illegal protocol '"TLSv1.1"'.

Then i tried installing mod_ssl package using yum.
But mod_ssl installation is asking me to install below dependencies.

Installing:
mod_ssl x86_64 1:2.4.6-40.el7 redhat_base 103 k
Installing for dependencies:
apr x86_64 1.4.8-3.el7 PatchBundle-nonreboot-Q3FY17 103 k
apr-util x86_64 1.5.2-6.el7 PatchBundle-nonreboot-Q3FY17 92 k
httpd x86_64 2.4.6-40.el7 PatchBundle-reboot-Q3FY16 1.2 M
httpd-tools x86_64 2.4.6-40.el7 PatchBundle-reboot-Q3FY16 82 k

If i look at the above dependencies, its like iam upgrading apache to 2.4.6 version.

how can i install mod_ssl package without upgrading apache ?

[smt_smt]

If you only want to disable TLS 1.0, following line is enough:
SSLProtocol All -SSLv2 -SSLv3 -TLSv1

You should not need to specify that you are not disabled tLS1.1 and TLS1.2. By using above line, you simple disable 1.0 and allow 1.1 & 1.2

After that you can test TLS 1.0 with curl --tlsv1

Regards