問題描述
在 Apache 2.4.37 中禁用 TLS 1.0 和 1.1 不起作用 (Disabling TLS 1.0 & 1.1 in Apache 2.4.37 not working)
Centos7上安裝了Apache 2.4.37,沒有安裝letsencryt應用,httpd.conf文件中沒有虛擬主機。
下面是ssl.conf文件的部分設置。
<VirtualHost _default_:443>
SSLProtocol all ‑SSLv2 ‑SSLv3 ‑TLSv1 ‑TLSv1.1
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLProxyCipherSuite PROFILE=SYSTEM
</VirtualHost>
還嘗試了以下條目,但不起作用。SSLProtocol TLSv1.2
nmap 顯示僅啟用了 tls1.2,但 ssllab 和 https: //www.cdn77.com/tls‑test 都顯示 tls 1.0 和 1.1 已啟用。
# nmap ‑sV ‑‑script ssl‑enum‑ciphers ‑p 443 localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2021‑02‑10 18:53 EST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000035s latency).
Other addresses for localhost (not scanned): ::1
PORT STATE SERVICE VERSION
443/tcp open ssl/ssl Apache httpd (SSL‑only mode)
|_http‑server‑header: Apache/2.4.37 (centos) OpenSSL/1.1.1g
| ssl‑enum‑ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) ‑ A
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) ‑ A
.
.
.
誰能幫我找到根本原因,好嗎?謝謝!
參考解法
方法 1:
It turned out the issue is from AWS Load Balancer. The configuration on the Linux level was correct.