Package:apache2 Version:2.4.17 Have an server with OS (Debian 8.9), kernel 3.14-1-amd64 been updated on 4 Oct 2017. Tried to update the SSLCiphersSuite and SSLPortocol in /mods-available/ssl.conf, /sites-available/000-default-ssl.conf and /sites-available/000-default.conf to following:
* SSLCipherSuite HIGH:!aNULL:!RC4:!LOW * SSLProtocol all -SSLv3 -TLSv1 After updated and restarted Apache2, using SSLScan (showing support for RC4 and LOW SSL) and nmap (showing support of TLSv1), there was no change made. On another server, OS is Debian buster/sid, kernel 3.16.0-4-amd64, that been updated on the same day have Apache version 2.4.27 which works fine after the update on SSLProtocol. Thanks John
