disable outdated version of SSL/TLS in apache
Hi Techrunnr readers, this document deals with how to disable outdated version of SSL/TLS in apache.
AS per the new PCI compliance following SSL protocols should be disabled from the server side.
- TLS 1.0/1.1
- SSL 2.0/3.0
The above SSL protocols don’t provide any sort of protection while data transfer. Some cases of TLS 1.0 leads to Man In the Middle attack.
Here are the following steps to disable above-mentioned SSL protocols,
Add the the ssl.conf in /etc/httpd/conf.d/ by commenting on the existing
Add the following line in the same file by commenting the existing.
Then do a service restart for applying the new configuration.
© 2018, Techrunnr. All rights reserved.