Hey, Currently I'm trying to disable TLS1.0 on my Apache 2.4. I added the following line in ISPConfig: Code: SSLProtocol -all +TLSv1.2 But ssllabs still says: How can I set SSLProtocol. I've tried ssl.conf to set it global but it didn't work either.
I doubt that setting SSLProtocol for a single vhost can work. I guess you will have to set it global plus ensure that no other vhost on that server uses a different setting for SSLProtocol.
Thx Till, I found this: https://serverfault.com/questions/6...col-in-apache-for-a-single-virtualhost-poodle So, maybe it will work later. Btw. Where can I change the ISPConfig Default apache.vhost. Every single vhost contains: Code: SSLProtocol All -SSLv2 -SSLv3 Should I change the vhost.conf.master or is there another way?
Mostly in /usr/local/ispconfig/server/conf/; so copy the one that you need to /usr/local/ispconfig/server/conf-custom/ and modify there, as the one in /conf/ will be overwritten on ISPConfig update. Use resync to update all vhost automatically thereafter.
Sorry to hijack this, but im busy with harderning my server. Code: cp /usr/local/ispconfig/server/conf/vhost.conf.master /usr/local/ispconfig/server/conf-custom/vhost.conf.master Changed the SSLProtocol options Then did a resync, but my /etc/apache2/sites-enabled/clientid-domain.tld.vhost wasnt modified..
I did, didnt change nothing as far as Guess i overlooked the double SSLProtocols in the vhost. Doh... I now edited the mod_headers section to be: Code: Header always add Strict-Transport-Security "max-age=15768000" Header always append X-Frame-Options SAMEORIGIN Header set X-XSS-Protection "1; mode=block" Resynced and it worked.
