I have a similar problem with Ubuntu 18.04 (Apache 2.4.39 + openssl 1.1.0g) and it maybe sheds some light into this.
Protocol is always SSLProtocol -All +TLSv1.2 SSLCipherSuite 1) ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128 -GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE- RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 :ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256 2) ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128 -GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE- RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 Diff is ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES128-SHA, DHE-RSA-AES128 -GCM-SHA256. I played a bit around with those three (using testssl.sh) and looked to me when I enable ECDHE-RSA-AES128-SHA I have TLS 1.0 + 1.1. Which seems strange to me but it's is what I found. What is going on here? Dirk -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1665151 Title: Apache ignores disable TLSv1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1665151/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
