In this tutorial we learn how to disable TLS 1.0 and 1.1 in Apache, Nginx or Tomcat. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are both cryptographic protocols that provide communication security over a network. For instance, when a client connects to a web server, a handshake takes place to start a TLS or SSL connection.
During the handshake, the client and server exchange multiple ciphers and hash algorithms. During this time the server also provides its digital certificates to the client.
During the Corona epidemic, a lot of incidents happened due to hacking activity. Over the years, vulnerabilities have been discovered in the deprecated SSL and TLS protocols. For this reason you should disable TLS 1.0 and TLS 1.1 as well as SSLv2 and SSLv3 in your server configuration and enable TLS 1.2 or 1.3.
Disable TLS 1.0 and 1.1 or SSLv2 and SSLv3 in Apache
Here I am going to disable TLS 1.0 and 1.1 as well as SSLv2 and SSLv3 in Apache. You may need to change multiple locations, depending on your configuration.
I am going to change the default Apache config file:
If it is configured in a virtual host, you can find it here:
Now find the “SSLProtocol” line in your configuration file and change it to the line below:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
With this line Apache enables all protocols and then disables SSLv2, SSLv3, TLS 1.0 and TLS 1.1.
Finally, restart the Apache/httpd service using the command below:
service httpd restart
service apache2 restart
Disable TLS 1.0 and 1.1 or SSLv2 and SSLv3 in Nginx
Here I am going to disable TLS 1.0 and 1.1 as well as SSLv2 and SSLv3 in Nginx. You may need to change multiple locations, depending on your configuration.
I am going to change the default Nginx config file:
Or it may be in an individual server block configuration:
Find the “ssl_protocols” line and modify it as shown below:
This line enables only the TLS 1.2 protocol. Once done, restart the Nginx service.
service nginx restart
Disable TLS 1.0 and 1.1 or SSLv2 and SSLv3 in Tomcat
You will need to modify the server.xml file in Tomcat to disable TLS 1.0 and 1.1.
Tomcat 5 & 6 (Prior to 6.0.38)
In the server.xml file, make sure sslProtocols is set as shown below:
sslProtocols = "TLSv1.2"
Tomcat 6 & 7 (6.0.38 and newer)
Do the same here as in the configuration above. In the server.xml file, make sure sslEnabledProtocols is set as shown below:
sslEnabledProtocols = "TLSv1.2"
Once done restart the Tomcat service.
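To check the edited files before restarting, here is a small audit script added as an example (it is not part of the original tutorial). It reads the SSLProtocol, ssl_protocols, sslProtocols and sslEnabledProtocols settings discussed above and lists any deprecated protocol each one still enables. It assumes that Apache's "all" covers every protocol name in the script's list, and the sample configuration lines are constructed.

```python
import re

# Assumption: "all" is modelled as every protocol name known to this script.
ALL = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def apache_enabled(value):
    """Evaluate an SSLProtocol value left to right: + adds, - removes."""
    enabled = set()
    for token in value.split():
        name = token.lstrip("+-")
        names = set(ALL) if name.lower() == "all" else {name}
        if token.startswith("-"):
            enabled -= names
        elif token.startswith("+"):
            enabled |= names
        else:  # a bare name replaces whatever was selected before it
            enabled = set(names)
    return enabled

def list_enabled(value):
    """Nginx and Tomcat values are plain lists of the enabled protocols."""
    return set(re.findall(r"[\w.]+", value))

RULES = [
    (re.compile(r"^\s*SSLProtocol\s+(.+)$", re.I), apache_enabled),
    (re.compile(r"^\s*ssl_protocols\s+([^;]+);"), list_enabled),
    (re.compile(r"\bssl(?:Enabled)?Protocols\s*=\s*\"([^\"]+)\""), list_enabled),
]

def audit(text):
    """Return (line number, setting line, deprecated protocols still enabled)."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for pattern, evaluate in RULES:
            m = pattern.search(line)
            if m:
                bad = sorted(evaluate(m.group(1)) & DEPRECATED)
                findings.append((no, line.strip(), bad))
                break
    return findings

# Constructed sample lines, one per setting covered in this tutorial.
SAMPLE = """\
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
<Connector port="8443" SSLEnabled="true" sslEnabledProtocols="TLSv1,TLSv1.2" />
<Connector port="8443" SSLEnabled="true" sslProtocols = "TLSv1.2" />
"""
```

Call audit() on the text of your own configuration file; any entry whose last element is not an empty list still enables a deprecated protocol.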