Due to security vulnerabilities, we need to enable only TLS 1.2 and disable TLS 1.0 and 1.1.
Could you please help me understand how to check:
- Which protocols are currently enabled?
- How can we enable only TLS 1.2?
Let me know if my question is not clear. I can elaborate.
You can disable whichever protocols you want by configuring ssl.conf, httpd.conf or the virtual host.
Have a look at the steps below to disable the SSLv2 and SSLv3 protocols.
# allows all protocols except SSLv2 and SSLv3
SSLProtocol all -SSLv2 -SSLv3
Disabling it by configuring httpd.conf:
SSLProtocol All -SSLv2 -SSLv3
After making these changes, restart the httpd service. You can check the disabled protocols with the command below.
openssl s_client -connect labs.example.com:443 -ssl3
which should produce something like:
140214333110088:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1259:SSL alert number 40
140214333110088:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
You can see the handshake failure in the above output, which means SSLv3 is disabled on that particular host.
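An added example, not part of the original thread: a small Python audit that works out which protocols an SSLProtocol line leaves enabled, applied to the line from the answer above and to a TLS 1.2-only line. It assumes that "all" expands to SSLv3, TLSv1, TLSv1.1 and TLSv1.2 (an httpd build against OpenSSL 1.0.1 or later without TLS 1.3); the names effective_protocols, audit and SAMPLE are hypothetical.

```python
import re

# Assumption: expansion of "all" on an httpd build against OpenSSL 1.0.1+
# without TLS 1.3; adjust ALL to match your build.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
KNOWN = {p.lower(): p for p in ALL | {"SSLv2", "TLSv1.3"}}
WANTED = {"TLSv1.2"}

def effective_protocols(directive_args):
    """Apply SSLProtocol tokens left to right: +x adds, -x removes, bare x replaces."""
    enabled = set()
    for token in directive_args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-").lower()   # protocol names are case-insensitive
        if name != "all" and name not in KNOWN:
            raise ValueError(f"unknown protocol token: {token}")
        group = set(ALL) if name == "all" else {KNOWN[name]}
        if action == "+":
            enabled |= group
        elif action == "-":
            enabled -= group
        else:
            enabled = group
    return enabled

def audit(config_text):
    """Return (line_no, enabled, extra) for every SSLProtocol line in config_text."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+)$", line, re.IGNORECASE)
        if m:  # commented-out lines start with '#' and do not match
            enabled = effective_protocols(m.group(1))
            findings.append((no, enabled, enabled - WANTED))
    return findings

# Constructed sample config: the thread's line, then a TLS 1.2-only line.
SAMPLE = """\
<VirtualHost *:443>
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol -all +TLSv1.2
</VirtualHost>
"""

if __name__ == "__main__":
    for no, enabled, extra in audit(SAMPLE):
        print(f"line {no}: {sorted(enabled)}; beyond TLS 1.2: {sorted(extra) or 'none'}")
```

The first line still leaves TLS 1.0 and 1.1 enabled, while the second leaves only TLS 1.2.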
Thanks for the information. But on my server I don’t see the ssl.conf and http.conf files. Under etc I don’t see an httpd folder either.
Can you please suggest what I can do now?
Can I create one? If I create one, will there be any impact on other applications running on this server?
On what did you configure your web host? Is it Apache Tomcat or what…?
If it is Apache Tomcat, then you have to go to your Tomcat installation directory and configure conf/server.xml.