The Apache Haus Forum


Topic: SSLProtocol: Illegal protocol 'TLSv1.1'

Nitish_Johar

  • Newbie
  • Posts: 2
SSLProtocol: Illegal protocol 'TLSv1.1'
« on: November 17, 2015, 04:38:34 PM »

Hi,
I've been facing an issue while enabling TLSv1.1 & TLSv1.2.

Error: SSLProtocol: Illegal protocol 'TLSv1.1'

Earlier I was using the details below:

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:DES-CBC3-SHA

Apache version:  Apache/2.2.24 (Unix)
OpenSSL 1.0.1e-fips

Please do let me know what can be done to enable TLSv1.1 & 1.2 successfully.

Thanks,
Nitish

mario

  • Administrator
  • Member Elite
  • Posts: 580
Re: SSLProtocol: Illegal protocol 'TLSv1.1'
« Reply #1 on: November 17, 2015, 05:39:26 PM »

You can use

Code:
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15553000"
</IfModule>
SSLUseStapling off
SSLSessionCache shmcb:/opt/apache2/logs/ssl_gcache_data(512000)
SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS

Adjust the path for the session cache.

Nitish_Johar

  • Newbie
  • Posts: 2
Re: SSLProtocol: Illegal protocol 'TLSv1.1'
« Reply #2 on: November 18, 2015, 05:25:27 PM »

Do I need to upgrade the OpenSSL version too? As TLSv1.1 supports OpenSSL 1.0.1 and upper versions and I have OpenSSL/1.0.0e configured on my machine.

So is the OpenSSL upgrade required? Or is there any other workaround to enable TLSv1.1?

Apache version:  Apache/2.2.24 (Unix)

mario

  • Administrator
  • Member Elite
  • Posts: 580
Re: SSLProtocol: Illegal protocol 'TLSv1.1'
« Reply #3 on: November 20, 2015, 06:19:06 PM »

The +TLSv1.1 does that job. Your config wasn't right. The +TLSv1 enables only TLS 1.0.
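
Added example, not from either poster and not httpd's own code: a simplified shell model of how mod_ssl evaluates an SSLProtocol line, assuming the TLSv1.1 and TLSv1.2 tokens are only accepted when mod_ssl was built against OpenSSL 1.0.1 or later. The function names are hypothetical; the directive lines and version strings are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: a simplified model of mod_ssl's SSLProtocol parsing.
# Function names are constructed; they are not part of httpd.

lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# Succeed if a bare OpenSSL version such as "1.0.1e-fips" is 1.0.1 or newer.
openssl_has_tls11_12() {
    num=$(printf '%s\n' "$1" | sed 's/^\([0-9]*\.[0-9]*\.[0-9]*\).*/\1/')
    old_ifs=$IFS; IFS=.; set -- $num; IFS=$old_ifs
    [ $(( $1 * 10000 + $2 * 100 + $3 )) -ge 10001 ]
}

# $1 = OpenSSL version mod_ssl was built against, rest = SSLProtocol arguments.
# Prints the protocols left enabled, or the startup error for an unknown token.
effective_protocols() {
    ver=$1; shift
    known="SSLv2 SSLv3 TLSv1"
    if openssl_has_tls11_12 "$ver"; then known="$known TLSv1.1 TLSv1.2"; fi
    accepted=" all $(lc "$known") "
    for tok in "$@"; do
        case $accepted in
            *" $(lc "${tok#[+-]}") "*) ;;
            *) echo "SSLProtocol: Illegal protocol '${tok#[+-]}'"; return 1 ;;
        esac
    done
    out=""
    for p in $known; do
        state=0
        for tok in "$@"; do           # tokens apply left to right
            name=$(lc "${tok#[+-]}"); hit=0
            if [ "$name" = all ] || [ "$name" = "$(lc "$p")" ]; then hit=1; fi
            case $tok in
                -*) if [ "$hit" -eq 1 ]; then state=0; fi ;;
                +*) if [ "$hit" -eq 1 ]; then state=1; fi ;;
                *)  state=$hit ;;     # bare name replaces the whole set
            esac
        done
        if [ "$state" -eq 1 ]; then out="$out $p"; fi
    done
    printf '%s\n' "${out# }"
}

# Constructed runs using the directive lines and versions quoted in the thread.
effective_protocols 1.0.0e      -all +TLSv1 +TLSv1.1 +TLSv1.2 || true
effective_protocols 1.0.1e-fips -all +TLSv1 +TLSv1.1 +TLSv1.2
effective_protocols 1.0.1e-fips -ALL +SSLv3 +TLSv1
```

The version to pass in is the OpenSSL that mod_ssl was compiled and linked against, which can differ from the `openssl` binary on the PATH. The third run shows that the original line leaves SSLv3 enabled, which the replacement configuration drops.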