https://bz.apache.org/bugzilla/show_bug.cgi?id=55707
--- Comment #11 from Mike Haller <[email protected]> --- > Is a client that speaks both TLSv1.2 and TLSv1.3 able to connect to vhost B > at all? Yes. Such a client could speak to both. The case I am solving is this: <vhost A> SSLProtocol +TLSV1 +TLSV1.1 +TLSV1.2 </vhost A> <vhost B> SSLProtocol +TLSV1.2 </vhost B> This configuration allows for vhost B to accept only the newest protocol implemented in 2.4.33. It will function as expected if you write "SSLProtocol +TLSV1.1" for vhost B. However, I would not consider that a useful configuration because I think that the concept "minimum TLS version needed to connect to this host" is more likely than arbitrarily specifying versions. For example, PCI DSS (the credit card security standard) is requiring that TLSv1 and TLSv1.1 can no longer be used to connect after June 30, 2018, but allows for any newer protocols TLSv1.2, TLSv1.3, etc. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
