TLS v1.1 is being phased out by 30 June 2018

Apache supports many different encryption protocols, some of which have serious vulnerabilities that put sites at risk of being breached.

The POODLE and BEAST exploits are just a couple of examples of how attackers have taken advantage of weaknesses in SSL and TLS to compromise organizations.

To meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data, TLS v1.0 needs to be disabled by 30 June 2018. TLS v1.1 is still allowed, but TLS v1.2 is strongly encouraged.

If you are using Let's Encrypt with Apache2 on Debian, the fix is this:

# vim /etc/letsencrypt/options-ssl-apache.conf

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
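
To check which protocols an SSLProtocol line leaves enabled, the following added example (not part of the original post or of Apache or Certbot) evaluates the directive's tokens left to right and reports any of SSLv3, TLSv1 or TLSv1.1 that survive. The function names, the sample text and the set that "all" expands to are assumptions made for illustration; the real "all" set depends on the Apache and OpenSSL build.

```python
import re

# Assumption: the widest set "all" may expand to; the real set depends on the
# Apache and OpenSSL build, so the audit stays conservative.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
CANON = {p.lower(): p for p in ALL}
# SSLv3 (POODLE) and TLSv1 (PCI DSS deadline); TLSv1.1 because the fix above removes it.
WEAK = {"SSLv3", "TLSv1", "TLSv1.1"}

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right and return the enabled set."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-").lower()
        if name == "all":
            group = set(ALL)
        elif name in CANON:
            group = {CANON[name]}
        elif name == "sslv2" and sign == "-":
            continue  # removing SSLv2 is accepted and changes nothing
        else:
            raise ValueError(f"unsupported protocol token: {token}")
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = group  # a bare token replaces whatever was set before it
    return enabled

def audit(config_text):
    """Return [(line_number, sorted weak protocols)] for each SSLProtocol line."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        match = re.match(r"\s*SSLProtocol\s+(.+)$", line, re.IGNORECASE)
        if match:
            findings.append((number, sorted(effective_protocols(match.group(1)) & WEAK)))
    return findings

SAMPLE = """# constructed sample, not a real options-ssl-apache.conf
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
"""

if __name__ == "__main__":
    for number, weak in audit(SAMPLE):
        print(f"line {number}: {'still enables ' + ', '.join(weak) if weak else 'ok'}")
```

To audit a real file, pass its contents to audit() in place of SAMPLE; commented-out directives are skipped because the pattern only matches lines that begin with SSLProtocol.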
