Hi, the setup is httpd-2.4.46 with OpenSSL-1.1.1g. The goal is to support the following SSL protocols:
TLS1.3 TLS1.2 TLS1 -- for some legacy reason So I have specified: SSLProtocol +TLSv1 +TLSv1.2 +TLSv1.3 Using "sslscan" I get: SSL/TLS Protocols: SSLv2 disabled SSLv3 disabled TLSv1.0 disabled TLSv1.1 disabled TLSv1.2 enabled TLSv1.3 enabled If I use SSLProtocol +TLSv1 -TLSv1.1 +TLSv1.2 +TLSv1.3 There is the same result. I can get 1.0 only if I explicitly enable 1.1 SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 +TLSv1.3 resulting in SSL/TLS Protocols: SSLv2 disabled SSLv3 disabled TLSv1.0 enabled TLSv1.1 enabled TLSv1.2 enabled TLSv1.3 enabled which is not what I want. So, any ideas? Am I doing something wrong? Cheers Martin -- ------------------------------------------------------ Martin Knoblauch email: k n o b i AT knobisoft DOT de www: http://www.knobisoft.de
