Transport Layer Security (TLS) is a popular security protocol required by most websites and applications to securely transfer data between web browsers and servers. TLS 1.3 is the latest version of this protocol and offers significant improvements over its previous versions. When you employ TLS 1.3 on your site, it is important to disable its previous versions such as TLS 1.0 which have security vulnerabilities. Otherwise, your web server will continue to accept requests over these old protocol versions and your website will continue to be susceptible to attacks. In this article, we will learn how to disable TLS 1.0 in Apache server.
How to Disable TLS 1.0 in Apache
Here are the steps to disable TLS 1.0 in Apache server.
1. Open Apache Configuration File
Open terminal and run the following command to open Apache configuration file.
$ vi /etc/apache2/httpd.conf
Depending on your Apache installation type, replace the path to your Apache configuration file with any of the following.
/etc/apache2/httpd.conf
/etc/apache2/apache2.conf
/etc/httpd/httpd.conf
/etc/httpd/conf/httpd.conf
2. Disable TLS 1.0
Look for the line containing SSLProtocol directive. Set it to the following.
SSLProtocol +TLSv1.3 +TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
In the above code, we enable TLS 1.3 and TLS 1.2 and disable TLS v1.0, TLS v1.1, SSLv2, SSLv3 which are outdated and insecure.
The above setting will be applied to all websites hosted on your Apache server. If you want to disable them only on specific websites, you can add the above line to the virtual host configuration file located at /etc/apache2/sites-available.
3. Restart Apache Server
Lastly, restart Apache server to apply changes.
$ sudo service apache2 restart
TLS v1.3 is the most secure protocol available and it is important that you upgrade your website to use this protocol. It is equally important to disable all other older protocols to protect your website.
In this article, we have learnt how to disable TLS 1.0 in Apache server.
Also read:
Shell Script to Automate SSH Login
How to Force User to Change Password in Linux
How to Pause Shell Script
How to Send HTML Mail in Python
How to Find & Replace String in VI Editor
Related posts:
Sreeram Sreenivasan loves coding & writing tech articles. He has helped many Fortune 500 companies in the areas of BI & software development. He has more than 10 years of experience in web development, Python, Linux, SQL and database programming.