How to enable TLS 1.2 in apache?

Question

The current enabled TLS on my server is "tls 1", how can i enable tls 1.2 on my ubuntu server, and do i have to upgrade my openssl first?

# apache2ctl -v
Server version: Apache/2.2.12 (Ubuntu)

# openssl version -a
OpenSSL 0.9.8g 19 Oct 2007
built on: Fri Dec  3 23:05:00 UTC 2010
platform: debian-amd64
options:  bn(64,64) md2(int) rc4(ptr,char) des(idx,cisc,16,int) blowfish(ptr2) 
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wa,--noexecstack -g -Wall -DMD32_REG_T=int -DMD5_ASM

score 4 · Answer 1 · answered Oct 19 '15 at 20:36

4

In order to use TLSv1.1 and TLSv1.2 for SSLProtocol, you need at least version 2.2.23 (in addition to OpenSSL 1.0.1 or higher).

Once you have the latest,

Add

SSLProtocol TLSv1.1

to

/etc/httpd/conf.d/ssl.conf

answered Oct 19 '15 at 20:36

Won Jun Bae

141
3

score 2 · Answer 2 · answered Jul 04 '15 at 11:24

2

First step is, you will have to upgrade your OpenSSL version to 1.0.1 or higher. Your current OpenSSL version does not support TLS 1.2.

answered Jul 04 '15 at 11:24

Kailash Aghera

121
1

Upgrading the OpenSSL will it affect the existing ssl certificates installed on the server?, and do i have to upgrade the apache? – MohammedSimba Jul 04 '15 at 15:04
@user225844 no it should not affect existing certificates but instead of upgrading just one package from an unkown source or building it yourself, you should evaluate upgrading to the latest LTS release. – LiveWireBT Jul 04 '15 at 17:37

How to enable TLS 1.2 in apache?

2 Answers2