So I'm running a Jessie server that started out as a Perfect Wheezy LAMP. I'm using the latest stable version of ISPconfig. In order for me to pass PCI I need to stop supporting TLSv1.0. I've tried this: https://mozilla.github.io/server-side-tls/ssl-config-generator/ and added the config to the /etc/apache2/conf.d/ssl.conf file based on another thread. But I am still getting dinged with the TLSv1.0 support. Where else does it read these: It is NOT in the configuration I just added but these values are present in the .vhost file. But that line is "#" out. Can you give me a heads up where else I might look to change this? Running Apache 2.4.10 and openssl 1.0.1t
ISPConfig does not set cipher suites for port 443, as you already noticed, they are commented out. so the global apache cipher suite setup will get applied. ISPConfig sets it just for the vhost on port 8080, if you want to cahnge that, edit the ispconfig.vhost file. Ensure that you restart (not just reload) apache after you changed the cipher suite. You can find all occurrences of the string SSLCipherSuite in apache config files with: grep -r -n SSLCipherSuite /etc/apache2/
