SSLProtocol: Illegal protocol 'TLSv1.1'

Discussion in 'Apache' started by Nitish_Johar, Nov 17, 2015.

  1. #2
    Hi,
    I've been facing an issue while enabling TLSv1.1 & TLSv1.2

    Error: SSLProtocol: Illegal protocol 'TLSv1.1'

    Earlier I was using the below details:

    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:DES-CBC3-SHA

    Apache version: Apache/2.2.24 (Unix)
    OpenSSL 1.0.1e-fips

    Please do let me know what can be done to enable TLSv1.1 & 1.2 successfully.

    Thanks,
    Nitish
     
    Nitish_Johar, Nov 17, 2015
  2. Roger S

    #4
    Hello,

    Looks like it is a part from the pre_main_global.conf.

    This is what I use and it allows me an A+ rating on SSL Labs

    -----------
    SSLProtocol -All +TLSv1.1 +TLSv1.2
    SSLHonorCipherOrder on
    SSLCompression off
    SSLSessionTickets off

    SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

    SSLUseStapling on
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors off
    -------------



    I have a CentOS 6.7 Server, cPanel, Apache 2.4 (Works also on 2.2)



    ****TLS1.2 will not work if you have CentOS 5.x
     
    Roger S, Dec 26, 2015
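
Added example, not part of either post and not mod_ssl's own code: a small Python check that works out which protocols an SSLProtocol line leaves enabled, reports the legacy ones, and raises the error from the thread title when a name is not recognized. The sets OLD_BUILD and NEW_BUILD and the function names are assumptions made for illustration.

```python
# Added example: models SSLProtocol +/- token handling; not mod_ssl source code.
# SSLv2/SSLv3 are broken; TLS 1.0 and 1.1 are deprecated by RFC 8996.
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]

# Assumption: constructed sets of protocol names a mod_ssl build accepts.
# The first lacks TLSv1.1/TLSv1.2, which reproduces the error in the thread.
OLD_BUILD = {"SSLv2", "SSLv3", "TLSv1"}
NEW_BUILD = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}


def effective_protocols(directive, recognized):
    """Return the protocols left enabled after applying an SSLProtocol line."""
    tokens = directive.split()
    if not tokens or tokens[0].lower() != "sslprotocol":
        raise ValueError("not an SSLProtocol directive")
    names = {p.lower(): p for p in recognized}  # names are case-insensitive
    enabled = set()
    for tok in tokens[1:]:
        action = tok[0] if tok[0] in "+-" else ""
        word = tok[len(action):]
        if word.lower() == "all":
            chosen = set(recognized)
        elif word.lower() in names:
            chosen = {names[word.lower()]}
        else:
            # Same wording as the error quoted in the thread.
            raise ValueError(f"SSLProtocol: Illegal protocol '{word}'")
        if action == "-":
            enabled -= chosen
        elif action == "+":
            enabled |= chosen
        else:
            enabled = chosen  # assumption: an unprefixed name replaces the set
    return [p for p in ORDER if p in enabled]


def audit(directive, recognized):
    """Return (enabled, legacy) so a config check can fail on legacy protocols."""
    enabled = effective_protocols(directive, recognized)
    return enabled, [p for p in enabled if p in LEGACY]


if __name__ == "__main__":
    for line in ("SSLProtocol -ALL +SSLv3 +TLSv1",
                 "SSLProtocol -All +TLSv1.1 +TLSv1.2"):
        print(line, "->", audit(line, NEW_BUILD))
```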