I have a similar problem with Ubuntu 18.04 (Apache 2.4.39 + openssl 1.1.0g) and
it maybe sheds some light into this.
Protocol is always
SSLProtocol -All +TLSv1.2
SSLCipherSuite
1) ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-
ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128
-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-
RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256
2) ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-
ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128
-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-
RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256
Diff is ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES128-SHA, DHE-RSA-AES128
-GCM-SHA256.
I played a bit around with those three (using testssl.sh) and looked to
me when I enable ECDHE-RSA-AES128-SHA I have TLS 1.0 + 1.1. Which seems
strange to me but it's is what I found.
What is going on here?
Dirk
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1665151
Title:
Apache ignores disable TLSv1.0
To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1665151/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs