How To Enable TLS 1.3/1.2 in Apache

Channel: Linux

All SSL and TLS versions older than 1.2 have many known vulnerabilities, such as POODLE (CVE-2014-3566), which is why the latest browsers have removed support for these vulnerable protocols. We also recommend moving your server to TLS, and specifically to TLS 1.2. This tutorial will help you enable TLS 1.2 and TLS 1.3 in mod_ssl on Apache servers.

Prerequisites

To enable TLS 1.3 you must have Apache version 2.4.38 or higher on your system. Also locate the SSL virtual host configuration file on your system.

Generally, Debian-based systems keep these files under the /etc/apache2/sites-enabled directory.

Red Hat (RPM) based systems keep their configuration in the /etc/httpd/conf/httpd.conf file or in a separate file under the /etc/httpd/conf.d directory.

Enable TLS 1.2 only in Apache

First, edit the virtual host section for your domain in the Apache SSL configuration file on your server and set SSLProtocol as follows. This disables all older protocols on your Apache server and enables TLSv1.2 only.

 SSLProtocol -all +TLSv1.2

The minimal Apache virtual host with SSL looks like:

<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLProtocol -all +TLSv1.2
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>

Enable Both TLS 1.3 & 1.2 in Apache

Apache version 2.4.38 and higher support TLS v1.3. You must upgrade the Apache packages before enabling TLS 1.3 in the SSL settings.

 SSLProtocol -all +TLSv1.2 +TLSv1.3

The simplest Apache VirtualHost with SSL looks like this:

<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>

After making changes in your configuration file, restart the Apache service to apply new settings.
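Before restarting, it helps to confirm that no SSLProtocol line still enables a legacy version. The following is an added example, not code from the original article: it evaluates each SSLProtocol directive left to right the way mod_ssl does (a bare token without +/- replaces everything set so far) and reports lines that leave SSLv3, TLSv1 or TLSv1.1 enabled, which goes beyond the two directive forms shown above. The function names and the sample configuration are constructed, and treating "all" as every version from SSLv3 to TLSv1.3 is an assumption, since the real meaning depends on the Apache/OpenSSL build.

```python
import re

LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: "all" is modelled as every version listed here; what it really
# covers depends on how Apache and OpenSSL were built.
KNOWN = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
CANON = {p.lower(): p for p in KNOWN}


def effective_protocols(args):
    """Evaluate SSLProtocol tokens left to right and return the enabled set."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = (token[1:] if action else token).lower()
        if name == "all":
            group = set(KNOWN)
        elif name in CANON:
            group = {CANON[name]}
        else:
            raise ValueError(f"unknown protocol {token!r}")
        if action == "+":
            enabled |= group
        elif action == "-":
            enabled -= group
        else:  # bare token: replaces whatever was set before it
            enabled = set(group)
    return enabled


def audit(config_text):
    """Return (line_no, directive, legacy_protocols) for each weak SSLProtocol."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        # Commented-out lines start with '#' and therefore never match.
        m = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if m:
            weak = effective_protocols(m.group(1)) & LEGACY
            if weak:
                findings.append((no, line.strip(), sorted(weak)))
    return findings


# Constructed sample: the article's two settings plus two weak variants.
SAMPLE = """\
SSLProtocol -all +TLSv1.2
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLProtocol all -SSLv3
# SSLProtocol all
SSLProtocol -all +TLSv1.2 TLSv1
"""

if __name__ == "__main__":
    for no, directive, weak in audit(SAMPLE):
        print(f"line {no}: {directive!r} still enables {', '.join(weak)}")
```

To audit a real server, pass the contents of the virtual host file to `audit()` instead of `SAMPLE`.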

Ref From: tecadmin
