Bug#943415: apache2: Disable TLS 1.0 and 1.1 by default

Mon, 28 Jul 2025 23:11:40 -0700 

Control: tags 943415 patch

Kurt, et al,

On Thu, 17 Jul 2025 15:01:12 +0200, Kurt Roeckx wrote:
> On Thu, Jul 17, 2025 at 01:23:30AM +0200, Vincent Lefevre wrote:
> > Control: found -1 2.4.63-1
> > Control: found -1 2.4.64-1
> > Control: tags -1 security
> >
> > On 2023-11-15 13:32:32 +0100, David Prévot wrote:
> > > Le Thu, Oct 24, 2019 at 05:50:50PM +0200, Kurt Roeckx a écrit :
> > > > I was expecting TLS 1.0 and 1.1 to be disabled
> > >
> > > Same here. Four years later, RFC 8996 (Deprecating TLS 1.0 and TLS 1.1)
> > > has been published and most clients have been updated, so could we
> > > please review the default SSLProtocol before Trixie gets released?
> >
> > I'm also wondering why they are still enabled by default...
>
> Do you still see it enabled? As far as I know, OpenSSL now not
> only requires you to enable the protocol, but also lower the security
> level to 0 to be able to do TLS 1.0 and 1.1.

Sort of. The following configuration directives:
  LogLevel ssl:trace3
  SSLProtocol all
log the following to /var/log/apache2/error.log:
  ssl_engine_init.c(653): Creating new SSL context
    (protocols: TLSv1, TLSv1.1, TLSv1.2, TLSv1.3)

However, as you said, OpenSSL no longer supports TLS 1.0 and TLS 1.1:
  tls: ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above
    https://github.com/openssl/openssl/pull/18236
Debian's default security level is 2:
  Increase default security level from 1 to 2.
    https://salsa.debian.org/debian/openssl/-/commit/182b9256
Thus TLS 1.0 and TLS 1.1 are unusable.

The attached ssl.conf patch might help.

Thank you!
Daniel Lewart
Urbana, Illinois

diff -ru a/config-dir/mods-available/ssl.conf b/config-dir/mods-available/ssl.conf
--- a/config-dir/mods-available/ssl.conf	2025-07-10 11:20:47.000000000 -0500
+++ b/config-dir/mods-available/ssl.conf	2025-07-29 00:00:00.000000000 -0500
@@ -54,7 +54,8 @@
 #   ciphers(1) man page from the openssl package for list of all available
 #   options.
 #   Enable only secure ciphers:
-SSLCipherSuite HIGH:!aNULL
+# Mozilla intermediate configuration
+SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
 
 # SSL server cipher order preference:
 # Use server priorities for cipher algorithm choice.
@@ -66,9 +67,16 @@
 #SSLHonorCipherOrder on
 
 #   The protocols to enable.
-#   Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
-#   SSL v2  is no longer supported
-SSLProtocol all -SSLv3
+#   Available values: all, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
+#   TLS 1.0 and TLS 1.1 only work at security level 0,
+#   but Debian compiles with OPENSSL_TLS_SECURITY_LEVEL=2
+# Mozilla intermediate configuration
+SSLProtocol -all +TLSv1.2 +TLSv1.3
+# Mozilla modern configuration
+#SSLProtocol -all +TLSv1.3
+
+# Mozilla configuration
+SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1
 
 #   Allow insecure renegotiation with clients which do not yet support the
 #   secure renegotiation protocol. Default: Off

Reply via email to