Hi, I've been facing an issue while enabling TLSv1.1 & TLSv1.2 Error: SSLProtocol: Illegal protocol 'TLSv1.1' Earlier I was using below details: SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA: DHE-RSA-AES256-SHA: DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA: DES-CBC3-SHA Apache version: Apache/2.2.24 (Unix) OpenSSL 1.0.1e-fips Please do let me know, what can be done to enable TLSv1.1 &1.2 successfully. Thanks, Nitish
Hello, Looks like it a part from the pre_main_global.conf. This is what I use and it allows me a A+ rating on SSlabs ----------- SSLProtocol -All +TLSv1.1 +TLSv1.2 SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384HE-RSA-AES128-GCM-SHA256HE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHAHE-RSA-AES128-SHA256HE-RSA-AES128-SHAHE-DSS-AES128-SHA256HE-RSA-AES256-SHA256HE-DSS-AES256-SHAHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK" Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off ------------- I have a CentOS 6.7 Server, cPanel, Apache 2.4 (Works also on 2.2) ****TLS1.2 will not work if you have CentOS 5.x