
Summary: We need to re-enable old TLS 1.0 / TLS 1.1 on Apache on Ubuntu 20.04 to support an old application.

Background:
We have recently upgraded from Ubuntu 18.04 to 20.04.
One of our old Windows applications has stopped working.
We have diagnosed the problem down to our new server not accepting TLS 1.0 / 1.1 connections.
How can we re-enable these old protocols? We know these are less secure but that serves our purpose right now.

We have tried adding SSLProtocol +TLSv1 +TLSv1.1 to the Apache config but it does not work.

Please help.

2 Answers


  1. You should try to specify SSLCipherSuite with an extra @SECLEVEL=1 pseudo-protocol. The default security level in Ubuntu 20.04 will not allow the use of TLSv1 even if you explicitly set it in the supported protocols list.

    Try:

    SSLEngine on
    SSLProtocol all
    SSLCipherSuite ALL:@SECLEVEL=1
    
  2. The thing that eventually worked for me is replacing

    SSLCipherSuite HIGH:!aNULL
    

    with

    SSLCipherSuite TLSv1:@SECLEVEL=1
    

    in /etc/apache2/mods-available/ssl.conf

    The SSLProtocol lines had no effect for me, although they might work if they are put in the first vhost configuration that Apache encounters.
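
Added example, not part of either answer: a small audit that reports, per Apache scope, which legacy protocols stay negotiable once `@SECLEVEL` is lowered, so the weakened setting can be confined to the one vhost that needs it. The hostnames and sample config are constructed; the default level of 2, the simplified `SSLProtocol` model, and global directives preceding vhosts are assumptions.

```python
import re

# Constructed sample (not from the post): answer 2's old global line and two vhosts.
SAMPLE = """\
SSLCipherSuite HIGH:!aNULL
<VirtualHost *:443>
    ServerName legacy.example.test
    SSLProtocol all
    SSLCipherSuite ALL:@SECLEVEL=1
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.test
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite HIGH:!aNULL:@SECLEVEL=1
</VirtualHost>
"""
LEGACY = {"tlsv1", "tlsv1.1"}
ALL = LEGACY | {"tlsv1.2", "tlsv1.3"}
DEFAULT_SECLEVEL = 2  # assumption: Ubuntu 20.04 default, as the answers describe

def protocols(args, current):
    """Simplified SSLProtocol model: +x adds, -x removes, a bare name replaces."""
    enabled = set(current)
    for tok in args.lower().split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = ALL if name == "all" else {name}
        enabled = enabled | group if sign == "+" else enabled - group if sign == "-" else set(group)
    return enabled

def audit(text):  # scope -> (security level, legacy protocols still negotiable)
    glob = {"proto": ALL, "ciphers": ""}  # assumption: unset SSLProtocol permits all TLS versions
    scopes, cur, name = {"global": glob}, glob, "global"
    for raw in text.splitlines():
        key, args = (raw.strip().split(None, 1) + ["", ""])[:2]
        key = key.lower()
        if key == "<virtualhost":
            cur, name = dict(glob), raw.strip()  # vhost starts from the global settings
        elif key == "</virtualhost>":
            scopes[name], cur, name = cur, glob, "global"
        elif key == "servername":
            name = args
        elif key == "sslprotocol":
            cur["proto"] = protocols(args, cur["proto"])
        elif key == "sslciphersuite":
            cur["ciphers"] = args  # a vhost cipher string replaces the inherited one
    report = {}
    for scope, cfg in scopes.items():
        level = int((re.findall(r"@SECLEVEL=(\d)", cfg["ciphers"]) or [DEFAULT_SECLEVEL])[-1])
        report[scope] = (level, sorted(cfg["proto"] & LEGACY) if level <= 1 else [])
    return report
```

On the sample, only `legacy.example.test` ends up with TLS 1.0 / 1.1 negotiable; the second vhost lowers the security level but its `SSLProtocol` line still excludes the old versions.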
