As a best practice, we should use the latest version of TLS.
TLS v1.3 is the latest version, released in Aug 2018. All your applications and browsers should support this version.
For backward compatibility, web servers like Apache and Nginx support TLS v1.0 and TLS v1.2 as well.
If your browser, such as Chrome or Mozilla Firefox, is on the latest version, there is no need to worry about version support, as all the latest browsers support TLS v1.3.
So, in this article I want to talk about how you can disable TLS v1.0.
Follow my step-by-step guide for the Apache server:
- Use nano or vim to edit the ssl.conf file on your web server. Usually it can be found at /etc/httpd/httpd.conf. (For a Bitnami installation it will be at /opt/bitnami/apache2/conf/bitnami/bitnami.conf.)
- Find the SSL support section. The line should read SSLProtocol all -SSLv2 -SSLv3. See Fig. 1.
- Comment out this line with #.
- Copy and paste this line under it:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
- Save the file.
- Restart the HTTPD service.
If you are using Apache, you can use this command: sudo apachectl restart
- Now validate that TLS v1.0 and TLS v1.1 are disabled for your site.
Run a scan on your updated site at this site: SSL LAB Site
You can also check from the CLI. Run this command:
openssl s_client -connect www.yourwebsite.com:443 -tls1
For other versions, use the options -tls1_1 and -tls1_2.
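Before restarting, it helps to confirm that no uncommented SSLProtocol line in the file you edited still has the old value, for example one inside a VirtualHost block. The script below is an added example, not part of the original article; the function names, the expansion of "all" and the sample config are assumptions made for illustration.

```shell
# Added example (not from the original article): flag SSLProtocol lines that
# still allow old protocols. Assumption: "all" expands to the list below; a bare
# token replaces the enabled set, "+name" adds to it, "-name" removes from it.
ALL_PROTOCOLS="SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"

# Print the protocols left enabled by one SSLProtocol argument list.
enabled_protocols() (
    set -f; enabled=""
    for tok in "$@"; do
        case "$tok" in +*) op=add ;; -*) op=del ;; *) op=set ;; esac
        name=${tok#[+-]}
        if [ "$name" = "all" ]; then name=$ALL_PROTOCOLS; fi
        case "$op" in
            set) enabled=$name ;;
            add) enabled="$enabled $name" ;;
            del) keep=""
                 for p in $enabled; do
                     case " $name " in *" $p "*) ;; *) keep="$keep $p" ;; esac
                 done
                 enabled=$keep ;;
        esac
    done
    echo $enabled   # unquoted on purpose: collapses whitespace
)

# Read a config on stdin and print "line N: <protocols>" for each uncommented
# SSLProtocol line that leaves SSLv3, TLSv1 or TLSv1.1 on; exit status 1 if any.
audit_ssl_protocol() (
    set -f; n=0; rc=0   # set -f: no globbing on tokens such as *:443
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -- $line
        [ "${1:-}" = "SSLProtocol" ] || continue
        shift; weak=""
        for p in $(enabled_protocols "$@"); do
            case "$p" in SSLv3|TLSv1|TLSv1.1) weak="$weak $p" ;; esac
        done
        if [ -n "$weak" ]; then echo "line $n:$weak"; rc=1; fi
    done
    exit "$rc"
)

# Constructed sample: the edited global line plus a virtual host that was missed.
sample_config() {
    printf '%s\n' '# SSLProtocol all -SSLv2 -SSLv3' \
        'SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1' \
        '<VirtualHost *:443>' '    SSLProtocol all -SSLv2 -SSLv3' '</VirtualHost>'
}
sample_config | audit_ssl_protocol || true   # prints: line 4: TLSv1 TLSv1.1
```

To check a real file, feed it on standard input, for example audit_ssl_protocol < /opt/bitnami/apache2/conf/bitnami/bitnami.conf.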