Alon Gal's notes | Revoke TLS1.0 and TLS1.1 from Apache server

Revoke TLS1.0 and TLS1.1 from Apache server

https://www.leaderssl.com/news/471-how-to-disable-outdated-versions-of-ssl-tls-in-apache https://www.digicert.com/kb/ssl-support/ssl-enabling-perfect-forward-secrecy.htm

In your /etc/apache2/mods-available/ssl.conf file
Comment this line

SSLProtocol all -SSLv3

And add this line

SSLProtocol TLSv1.2

Also, uncomment this line within the file (this will enable Perfect Forward Secrecy)

SSLHonorCipherOrder on

In your /etc/apache2/sites-available/000-default.conf file
Change every SSLProtocol all line to be SSLProtocol TLSv1.2
For example

<VirtualHost *:443>
        ServerName mydomain.com.au

        DocumentRoot /www

        SSLEngine on
        SSLProtocol TLSv1.2
        SSLCACertificateFile /home/ubuntu/security/star_mydomain-bundle.crt
        SSLCertificateFile /home/ubuntu/security/star_mydomain.crt
        SSLCertificateKeyFile /home/ubuntu/security/star_mydomain.key
</VirtualHost>

Restart your server with

sudo service apache2 restart

You can test your server security certificate here.