Apache + Debian here. I just ran `grep -rnw '/etc' -e 'SSLCipherSuite'`
and found that /etc/apache2/mods-available/ssl.conf was overriding even
the /etc/letsencrypt/options-ssl-apache.conf file.
So I commented some lines in ssl.conf (of mods-available) and tweaked
everything in options-ssl-apache.co
I could disable TLS 1.0 and 1.1 and only enable TLS 1.2 + 1.3 by doing
this
```
SSLProtocol +TLSv1.2 +TLSv1.3
SSLCipherSuite HIGH:!kRSA:!ADH:!eNULL:!LOW:!EXP:!MD5:!3DES
```
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://b
Comment # 20 below fixed the issue - review the letsencrypt changes to
the ssl.conf file and apache2 startup.
--
comment # 20 fixed the issue by updating the LetsEncrypt options file.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1665151
Title:
Apache ignores disable TLSv1.0
To manage notifications about this
Comment # 20 fixed my problem - people who disqualified it immediately
need to pay attention!
--
This solved my problem - through SSL Labs I was getting B with all the
attempts in putting anything - as soon as I updated the
options-ssl-apache.conf file BOOM! we got A+ Rating
Brad you are awesome and I think all the commentators below and above
should try this out before disqualifying it... I
So when will a "solution" come or is there already one? if so, how? I'm just
having a hard time to wrap my head around this.
I didn't have this issue before I did a yearly reset on my server ~3 weeks ago.
The support for TLSv1 & TLSv1.1 seems to end in 3 days and I need help to get this
solved asap.
** Changed in: apache2 (Debian)
Status: Unknown => New
--
** Changed in: apache2
Status: Incomplete => Confirmed
--
I found that on the Debian bug nmap was used, for the sake of being different I
tried like:
```
$ nmap --script ssl-enum-ciphers -p 444 10.253.194.57 | grep TLSv
```
But the results match what I have seen with testssl.sh
--
And as asked there this might help as well:
```
$ a2enmod info
$ systemctl restart apache2
$ apache2ctl -t -D DUMP_CONFIG|grep -i ssl
$ a2dismod info # if it hasn't been enabled before
```
That is a slightly better info than my Greps above, but still the same result.
Here of my last config trying to falsi
This all sounds interesting.
But since recently the openssl 1.1.1 bump has impacted a lot of things let's
re-test with that.
BTW TLSv1.3 might come up in bug 1845263 soon.
I installed apache2 on 18.04 and 20.04 and will test on those which means:
18.04:
apache2: 2.4.29-1ubuntu4.11
openssl: 1.1.1-1
** Changed in: apache2 (Ubuntu)
Status: Incomplete => Confirmed
** Bug watch added: Debian Bug tracker #925061
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925061
** Also affects: apache2 (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925061
Importance: Unknow
Confirmed, many thanks Robin!
I had the same problem, even when I removed the ciphers above, TLS1.0 was still
active.
I added a dummy default page without special cipher-suite and SSLProtocol
configuration, with a subdomain, which is not registered on public DNS
(snakeoil cert).
Now TLS1.0 dis
I had the same problem - had!
It turns out, that the SSLCipherSuite list on the default vHost (as
reported by apachectl -D DUMP_VHOSTS) has to be capable of TLSv1.1
ciphers. It is also needed, that the default vHost has TLSv1.1 enabled
in order to use that on other vHosts.
So, the default vHost
Many thanks Thomas !
I was searching for hours why Apache was not taking into account my SSL config.
It is because the letsencrypt config was applied before my virtualhost config.
--
I found something in /etc/letsencrypt/options-ssl-apache.conf ...
--
Upstream has closed this bug as Incomplete, so I'm doing the same for
Ubuntu. I think part of the problem here is that different people are
reporting different underlying causes that lead to similar symptoms. See
https://bz.apache.org/bugzilla/show_bug.cgi?id=60739#c25.
This particular bug now see
BUMP.
Seeing this on 2.4.18 on Xenial
```
ii  apache2      2.4.18-2ubuntu3.9  amd64  Apache HTTP Server
ii  apache2-bin  2.4.18-2ubuntu3.9  amd64  Apache HTTP Server (modules and
```
Launchpad has imported 20 comments from the remote bug at
https://bz.apache.org/bugzilla/show_bug.cgi?id=60739.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://h
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: apache2 (Ubuntu)
Status: New => Confirmed
--
** Changed in: apache2
Status: Confirmed => Incomplete
--
** Changed in: apache2
Status: Unknown => Confirmed
** Changed in: apache2
Importance: Unknown => Medium
--
Be great if someone from Ubuntu could verify this problem + update the
upstream bug, so this problem can be resolved.
Thanks.
--
You're welcome.
I haven't gone back through the recent patches + I'm guessing this is a
fairly recent situation, as I'm fairly sure I was able to change this
setting around version 2.4.18 + problem seems to have crept in around
version 2.4.23 (best guess).
Thanks for scheduling this for a fix.
-
Thanks for your report David, I added the upstream bug to the tracker so
that this bug automatically gets updates on its status.
** Also affects: apache2 via
https://bz.apache.org/bugzilla/show_bug.cgi?id=60739
Importance: Unknown
Status: Unknown
--
Upstream bug opened...
https://bz.apache.org/bugzilla/show_bug.cgi?id=60739
** Bug watch added: bz.apache.org/bugzilla/ #60739
https://bz.apache.org/bugzilla/show_bug.cgi?id=60739
--