Hi,

 the setup is httpd-2.4.46 with OpenSSL-1.1.1g. The goal is to support the
following SSL protocols:

TLS1.3
TLS1.2
TLS1  -- for some legacy reason

So I have specified:

SSLProtocol +TLSv1 +TLSv1.2 +TLSv1.3

Using "sslscan" I get:

  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   disabled
TLSv1.1   disabled
TLSv1.2   enabled
TLSv1.3   enabled

If I use

SSLProtocol +TLSv1 -TLSv1.1 +TLSv1.2 +TLSv1.3

There is the same result. I can get 1.0 only if I explicitly enable 1.1

SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 +TLSv1.3

resulting in

  SSL/TLS Protocols:
SSLv2     disabled
SSLv3     disabled
TLSv1.0   enabled
TLSv1.1   enabled
TLSv1.2   enabled
TLSv1.3   enabled

which is not what I want. So, any ideas? Am I doing something wrong?

Cheers
Martin
-- 
------------------------------------------------------
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www: http://www.knobisoft.de

Reply via email to