Re: [users@httpd] SSLProtocol and TLSv1

2016-07-14 Thread Phil Smith
Yes, thank you. There is a web app firewall in front of the apache server on the public side, so the allowed protocol versions need to be applied to the web app firewall, as well. That explains why setting SSLProtocol affected the server when connecting directly to it via private IP address. The p

Re: [users@httpd] SSLProtocol and TLSv1

2016-07-14 Thread Rajesh Tammineni
Check if there is any load balancer to your public ip. If it is then you need to check the SSL settings on load balancer side. Thanks Raj > On 14 Jul 2016, at 4:53 AM, Phil Smith wrote: > > No. SSLProtocol is configured properly for each VirtualHost section including > the default. > >> On W

RE: [users@httpd] SSLProtocol and TLSv1

2016-07-14 Thread Theo Sweeny
Hello Phil – that sounds as if when the traffic comes through the public gateway, SSL is offloading to an interim gateway device rather than at the Apache server. Are there any interim gateway devices? If so – do they manage SSL offloading? Theo From: Phil Smith [mailto:philbo...@gmail.com] S

Re: [users@httpd] SSLProtocol and TLSv1

2016-07-13 Thread Frank Gingras
That won't work. You must define it in the global scope. If you have several ssl vhosts and only set SSLProtocol in the vhost context, the value from the first vhost would take precedence. On Wed, Jul 13, 2016 at 4:53 PM, Phil Smith wrote: > No. SSLProtocol is configured properly for each Virtu

RE: [users@httpd] SSLProtocol and TLSv1

2016-07-13 Thread Houser, Rick
com] > Sent: Wednesday, July 13, 2016 16:49 > To: users@httpd.apache.org > Subject: Re: [users@httpd] SSLProtocol and TLSv1 > > On Wed, Jul 13, 2016 at 4:46 PM, Phil Smith wrote: > > Either setting seems to work in disabling TLSv1 if the apache server is > > requested via privat

Re: [users@httpd] SSLProtocol and TLSv1

2016-07-13 Thread Phil Smith
No. SSLProtocol is configured properly for each VirtualHost section including the default. On Wed, Jul 13, 2016 at 4:48 PM, Eric Covener wrote: > On Wed, Jul 13, 2016 at 4:46 PM, Phil Smith wrote: > > Either setting seems to work in disabling TLSv1 if the apache server is > > requested via priv

Re: [users@httpd] SSLProtocol and TLSv1

2016-07-13 Thread Eric Covener
On Wed, Jul 13, 2016 at 4:46 PM, Phil Smith wrote: > Either setting seems to work in disabling TLSv1 if the apache server is > requested via private IP address. > > However, neither seem to work in disabling TLSv1 if the apache server is > requested via public IP address. Maybe you have SSL enab