https://bz.apache.org/bugzilla/show_bug.cgi?id=55707
--- Comment #19 from [email protected] <[email protected]> --- Here, the problem was that all vhosts with the same ip only accepted TLS1.2, no matter that the config of some vhosts allows TLS1.0 and 1.1. The only way to get TLS1.0 on one vhost was to add SSLProtocol ALL -SSLv2 -SSLv3 to all vhosts with the same ip. This used to work on apache 2.2. The interesting thing is that no vhost disabled all protocols. They had the following settings: SSLProtocol ALL -SSLv2 -SSLv3 SSLProtocol -ALL +TLSv1.1 +TLSv1.2 +TLSv1.3 SSLProtocol -ALL +TLSv1 +TLSv1.2 +TLSv1.3 (some of them multiple times) So, it seems like if one vhost disables TLSv1 and another disables TLSv1.1, all of the vhosts gets both TLSv1 and TLSv1.1 disabled. This is bad because we want to disable TLSv1 everywhere possible. As far as I know, only one host really needs TLSv1. Now I had to enable TLSv1 on all vhosts (that share the same ip). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
