While not relating to the discussion of certain SSLProtocol and
SSLCipherSuite combinations halting desired SSLProtocols, I did want to
add that I had an issue where Let's Encrypt was holding my desired
changes back.

I was attempting to use the directive:
`SSLProtocols -all +TLSv1.1 +TLSv1.2` but TLSv1 was still being used. Due to 
this bug report I noticed that one of my upper Virtual Hosts was indeed using a 
cert from LE, and in that file they had a default of
SSLProtocol all -SSLv2 -SSLv3

If I could make a suggestion, it would be that we work towards getting
more explicit control over what SSLProtocol directives get inherited. It
seems strange that a file in a single Virtual Host reference would take
precedence over global directives in both my ssl.conf and httpd.conf
files.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1665151

Title:
  Apache ignores disable TLSv1.0

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1665151/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to