On 2018-07-10 04:05:58 [+0200], Philippe Metzger wrote: > For now it seems that OpenSSL 1.1.0f-3+deb9u2 available in stretch/security > force TLS 1.2 only in https when using Apache (whatever SSLProtocol > Directive specify).
This is not true. Stretch has TLS1.0 and up enabled by default. > Is there any way to allow TLS 1 and TLS 1.1 with apache in stable ? This bug is sid only. Testing (as asked by the reported) has TLS1.0+ enabled again. The bug is open because the proper way of getting this fixed is currently in experimental. > Thanks a lot Sebastian