While apache in Ubuntu 12.04 does support TLSv1.2, it doesn't allow specifying the configuration options to selectively disable TLSv1.0.
The following commit needs to be backported: https://svn.apache.org/viewvc?view=revision&revision=1445104 ** Package changed: openssl (Ubuntu) => apache2 (Ubuntu) ** Summary changed: - Apache 2.2 on Ubuntu 12.04 LTS only supports TLS1.0 which is vulnerable to BEAST attack + Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0 -- You received this bug notification because you are a member of Ubuntu Server/Client Support Team, which is subscribed to apache2 in Ubuntu. Matching subscriptions: Ubuntu Server/Client Support Team https://bugs.launchpad.net/bugs/1400473 Title: Apache 2.2 on Ubuntu 12.04 LTS doesn't allow disabling TLS1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1400473/+subscriptions -- Mailing list: https://launchpad.net/~enterprise-support Post to : [email protected] Unsubscribe : https://launchpad.net/~enterprise-support More help : https://help.launchpad.net/ListHelp
