Topic: How to disable TLS1.0 on specific port in linux(RHEL) |
AshokRaja
Joined: 02 Nov 2022 Posts: 1 Location: India
|
Posted: Wed 02 Nov '22 10:16 Post subject: How to disable TLS1.0 on specific port in linux(RHEL) |
|
|
We are running our Java application on the RHEL 8.5 OS platform, and we made the changes in Apache's ssl.conf file as shown below:
Code: |
SSLProtocol -ALL +TLSv1.2
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:AES256-CCM:DHE-RSA-AES256-CCM
|
We used some commands to verify whether we are using the TLS1.0 and TLS1.1 protocols or not. As expected, we got positive results that both protocols are disabled. Please find below the commands which we used to verify:
Code: |
openssl s_client -connect <IP_ADDRESS>:8443 -tls1
nmap -sV --script ssl-enum-ciphers -p 8443 <IP_ADDRESS>
|
But during the vulnerability scan (Nessus scan), we got a result that a port is using the TLS1.0 protocol.
Please let me know how to block the TLS1.0 protocol on a specific port?
Thanks. |
|
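An added example, not part of the original post: the post verifies port 8443 only, while the scan result refers to "a port". This Python parser reads `nmap --script ssl-enum-ciphers` output covering several ports and lists the ones that still offer anything below TLS 1.2. The sample output and port 9443 are constructed for illustration, and single-host scan output is assumed.

```python
import re

# Constructed sample of `nmap --script ssl-enum-ciphers` output (not from the thread).
# Port 8443 is the port from the post; port 9443 is a hypothetical second listener.
SAMPLE = """\
8443/tcp open  https-alt
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|     cipher preference: server
|_  least strength: A
9443/tcp open  ssl/unknown
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: A
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")                # "8443/tcp open ..."
PROTO_RE = re.compile(r"^\|[ _]\s+(SSLv3|TLSv1\.\d):\s*$")  # "|   TLSv1.0:"
LEGACY = {"SSLv3", "TLSv1.0", "TLSv1.1"}

def protocols_by_port(nmap_text):
    """Map each open TCP port to the protocol versions the script listed for it."""
    result, port = {}, None
    for line in nmap_text.splitlines():
        m = PORT_RE.match(line)
        if m:                      # a new port section starts here
            port = int(m.group(1))
            result[port] = []
            continue
        m = PROTO_RE.match(line)
        if m and port is not None:
            result[port].append(m.group(1))
    return result

def legacy_ports(nmap_text):
    """Return {port: [versions below TLS 1.2]} for ports that still accept them."""
    found = {p: [v for v in vs if v in LEGACY]
             for p, vs in protocols_by_port(nmap_text).items()}
    return {p: vs for p, vs in found.items() if vs}

if __name__ == "__main__":
    for port, versions in sorted(legacy_ports(SAMPLE).items()):
        print(f"port {port}: still offers {', '.join(versions)}")
```

To use it on a real host, pass the text produced by the same nmap command from the post run with a wider `-p` list instead of `SAMPLE`.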
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
|
Posted: Thu 12 Jan '23 13:46 Post subject: |
|
|
For a single vhost? Or for an IP? |