Hello,
We have a couple of https protected sites, all is in apache vhost configs. Because of recent FREAK vulnerability I tried to strict ciphers configuration. So in litespeed config > listeners > 443 port > ssl I put the cipher from mozilla
https://wiki.mozilla.org/Security/Server_Side_TLS manual
and enabled TLS v1.1 and TLS v1.2 only. However when I checked one of the sites via
https://www.ssllabs.com/ssltest/analyze.html
it says
Do you know how to get rid of TLS 1.0 if the combination of litespeed and apache configs are used?
We have a couple of https protected sites, all is in apache vhost configs. Because of recent FREAK vulnerability I tried to strict ciphers configuration. So in litespeed config > listeners > 443 port > ssl I put the cipher from mozilla
https://wiki.mozilla.org/Security/Server_Side_TLS manual
and enabled TLS v1.1 and TLS v1.2 only. However when I checked one of the sites via
https://www.ssllabs.com/ssltest/analyze.html
it says
Code:
Protocols
...
TLS 1.0 Yes
Last edited by a moderator: