Confirmed, many thanks Robin! I had the same problem, even when I removed the ciphers above, TLS1.0 was still active. I added a dummy default page whithout special cipher-suite and SSLProtocol configuration, with a subdomain, which is not registered on public DNS (snakeoil cert). Now TLS1.0 dissapeared on my other virtualhosts. I'm using Apache 2.4.38 (Debian 10)
Your post was really helpful to me, thanks a lot! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1665151 Title: Apache ignores disable TLSv1.0 To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1665151/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs