Apache

How to Enable TLS 1.2 in Apache

enable-tls-1.2-in-apache
mm
Written by Santosh Prasad

Due to lots of vulnerabilities such POODLE (CVE-2014-3566) in SSL 2.0 and SSL 3.0 the latest browsers removed support for these vulnerable protocols. That’s why I recommend move your server to use the TLS version 1.2.

In this article I will show how you can enable TLS 1.2 in Apache web server.

Enable TLS 1.2 in Apache

To enable TLS 1.2 in Apache you need to edit the virtualhost sections for your domain in SSL configuration and add the below SSLProtocol as shown below. This will only enable the TLS 1.2 for your Apache web server disable for all older protocols.

SSLProtocol -all +TLSv1.2

Your Apache virtualhost will look like below.

<VirtualHost *:443>	
        ServerName www.example.com
	DocumentRoot /var/www/html
	
	SSEngine on
	SSLProtocol -all +TLSv1.2
	SSLCertificateFile /etc/httpd/cert.pem
	SSLCertificateKeyFile /etc/httpd/privkey.pem
</VirtualHost>

Restart Apache service

Now restart apache web service to apply the changes.

# service httpd restart

Enable TLS 1.1 and TLS 1.2 in Apache

If you you want to enable the both TLS 1.1 and TLS 1.2 on your development server, you configure your virtualhost section as shown below.

SSLProtocol -all +TLSv1.1 +TLSv1.2

Your virtualhost file will like below.

<VirtualHost *:443>	
        ServerName www.example.com
	DocumentRoot /var/www/html
	
	SSEngine on
	SSLProtocol -all +TLSv1.1 +TLSv1.2
	SSLCertificateFile /etc/httpd/cert.pem
	SSLCertificateKeyFile /etc/httpd/privkey.pem
</VirtualHost>

Restart Apache web service to apply the changes.

# service httpd restart
Thank you! for visiting Look Linux.

If you find this tutorial helpful please share with your friends to keep it alive. For more helpful topic browse my website www.looklinux.com. To become an author at Look Linux Submit Article. Stay connected to Facebook.

About the author

mm

Santosh Prasad

Hi! I'm Santosh and I'm here to post some cool article for you. If you have any query and suggestion please comment in comment section.

Leave a Comment