Disabling TLS version 1.0 in Apache in CentOS 7.2.1511

To disable TLS version 1.0 in Apache on CentOS 7.2.1511, add the -TLSv1 option to the SSLProtocol directive in your Apache SSL configuration file:

[root@localhost:~]# cat /etc/httpd/conf.d/ssl.conf
SSLProtocol all -SSLv2 -SSLv3 -TLSv1

Make sure that your httpd config file syntax is OK:
[root@localhost:~]# apachectl configtest

Restart your web server:
[root@localhost:~]# systemctl restart httpd.service

Force a TLS 1.0 connection to your web server with the openssl s_client command:

[root@localhost:~]# openssl s_client -connect server_fqdn:443 -tls1

If the output displays “alert handshake failure”, then TLS version 1.0 has been disabled.
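
The s_client test only exercises the virtual host you connect to, and SSLProtocol can also be set inside individual virtual hosts. The script below is an added example, not part of the original post: it reads a config and reports which protocols each active SSLProtocol line leaves enabled. The function names and the sample config are constructed for illustration, and it assumes mod_ssl's left-to-right evaluation, where a bare name replaces the set and "all" expands to SSLv3, TLSv1, TLSv1.1 and TLSv1.2.

```shell
#!/bin/sh
# Added example (not from the original post): static audit of SSLProtocol lines.

# Constructed sample config; the second vhost re-enables TLSv1.0.
sample_conf() {
cat <<'EOF'
# constructed sample, not a real server config
<VirtualHost _default_:443>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
</VirtualHost>
<VirtualHost *:8443>
  # override that forgets -TLSv1
  SSLProtocol all -SSLv3
</VirtualHost>
#SSLProtocol TLSv1
EOF
}

# Reads an Apache config on stdin, prints the protocols each active
# SSLProtocol line leaves enabled, returns 1 if any line still allows TLSv1.
audit_sslprotocol() {
    awk '
    # Assumption: "all" means these four (Apache 2.4 built with OpenSSL 1.0.1+).
    BEGIN { n = split("SSLv3 TLSv1 TLSv1.1 TLSv1.2", all, " "); bad = 0 }
    tolower($1) == "sslprotocol" {
        split("", on)                          # start with nothing enabled
        for (i = 2; i <= NF; i++) {
            tok = $i; act = substr(tok, 1, 1)
            if (act == "+" || act == "-") tok = substr(tok, 2)
            else { act = "="; split("", on) }  # bare name replaces the set
            for (j = 1; j <= n; j++)
                if (tolower(tok) == "all" || tolower(tok) == tolower(all[j])) {
                    if (act == "-") delete on[all[j]]; else on[all[j]] = 1
                }
        }
        out = ""
        for (j = 1; j <= n; j++) if (all[j] in on) out = out " " all[j]
        printf "line %d:%s\n", NR, out
        if ("TLSv1" in on) bad = 1
    }
    END { exit bad }'
}

sample_conf | audit_sslprotocol || echo "TLSv1.0 is still enabled on at least one line"
```

To check a real server, run audit_sslprotocol < /etc/httpd/conf.d/ssl.conf and repeat for any other file that httpd.conf includes.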
