How to enable only TLS 1.2 & disable previous versions?

Hello Team,

Due to security vulnerabilities, we need to enable only TLS 1.2 and disable TLS 1.0 and 1.1.

Could you please help me understand how to check:

  1. Which protocols are currently enabled?
  2. How can we enable only TLS 1.2?

Let me know if my question is not clear. I can elaborate.


You can disable whichever protocols you want by configuring ssl.conf, httpd.conf or the virtual host.

Have a look at the steps below to disable the SSLv2 and SSLv3 protocols.

#vim /etc/httpd/conf.d/ssl.conf

 # allows all protocols except SSLv2 and SSLv3
 SSLProtocol all -SSLv2 -SSLv3

Disabling it by configuring httpd.conf

#vim /etc/httpd/conf/httpd.conf

       DocumentRoot /var/www/xxxx
       SSLEngine on
       SSLCertificateFile /etc/httpd/ssl/xxxx.crt
       SSLCertificateKeyFile /etc/httpd/ssl/xxxx.key
       SSLCertificateChainFile /etc/httpd/ssl/xxxx.crt
       SSLProtocol All -SSLv2 -SSLv3
           Options FollowSymLinks
           AllowOverride None

After making these changes, restart the httpd service. You can check the disabled protocols by using the command below.

 openssl s_client -connect <hostname>:<port> -ssl3

which should produce something like

140214333110088:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1259:SSL alert number 40
140214333110088:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:

You can see the handshake failure in the above output, which means SSLv3 is disabled on that particular host.
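
An added example (not from the thread or the Apache project): a small Python check that works out which protocols an `SSLProtocol` line leaves enabled, showing that `all -SSLv2 -SSLv3` still permits TLS 1.0 and 1.1 while `-all +TLSv1.2` permits TLS 1.2 only. The expansion of `all`, the helper names and the sample configuration are assumptions made for this example.

```python
# Added example: evaluate Apache mod_ssl SSLProtocol directives.
# Assumption: "all" expands to SSLv3 + TLSv1 + TLSv1.1 + TLSv1.2 (build without TLS 1.3).
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
WEAK = {"SSLv3", "TLSv1", "TLSv1.1"}          # everything older than TLS 1.2
BY_LOWER = {p.lower(): p for p in ALL}        # protocol names are matched case-insensitively

def effective_protocols(directive):
    """Return the set of protocols one SSLProtocol line leaves enabled."""
    tokens = directive.split()
    if not tokens or tokens[0].lower() != "sslprotocol":
        raise ValueError("not an SSLProtocol directive: %r" % directive)
    enabled = set()
    for tok in tokens[1:]:
        action = tok[0] if tok[0] in "+-" else ""
        name = tok[len(action):].lower()
        if name == "sslv2" and action == "-":
            continue                           # removing SSLv2 changes nothing here
        if name == "all":
            group = set(ALL)
        elif name in BY_LOWER:
            group = {BY_LOWER[name]}
        else:
            raise ValueError("unsupported protocol: %r" % tok)
        if action == "-":
            enabled -= group
        elif action == "+":
            enabled |= group
        else:
            enabled = group                    # a bare name replaces what came before
    return enabled

def audit(conf_text):
    """Return (line number, directive, weak protocols still enabled) per SSLProtocol line."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        line = line.strip()
        if line.lower().startswith("sslprotocol "):
            findings.append((number, line, sorted(effective_protocols(line) & WEAK)))
    return findings

# Constructed sample configuration (not from a real server).
SAMPLE = """\
<VirtualHost *:443>
    SSLProtocol All -SSLv2 -SSLv3
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol -all +TLSv1.2
</VirtualHost>
"""

if __name__ == "__main__":
    for number, line, weak in audit(SAMPLE):
        print(number, line, "->", "weak: " + ", ".join(weak) if weak else "no weak protocols")
```
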

Hey Raghu,

Thanks for the information. But on my server I don’t see the ssl.conf and http.conf files. Under etc I don’t see an httpd folder either.

Can you please suggest what I can do now?

Can I create one? If I create one, will there be any impact on other applications running on this server?

What did you configure your web host on? Is it Apache Tomcat, or what?

If it is Apache Tomcat, then you have to go to your Tomcat installation directory and configure conf/server.xml.