아파치 2.2.29 버젼에서 SSLProtocol 중 TLSv1.2로 설정

/etc/httpd/conf.d/ssl.conf 파일에 아래와 같이 수정하고 재기동 하면 됩니다.

SSLProtocol -all +TLSv1.2

or

SSLProtocol -all +TLSv1.1 +TLSv1.2

아래 명령어로 아파치 버젼과 openssl 버젼을 확인을 해서 적용해야 됩니다. 해당 내용은 아래 참고

아파치 2.4 이상 및 openssl 1.0.1 이상이 권장사항 이라고 했는데 아파치 2.2.2X 이상에도 openssl 버젼이 맞으면 되는것 같다

2.2.15버젼에서는 +TLSv1.1 +TLSv1.2 옵션을 인식하지 못하기 때문에 에러가 난다

어쩔수 없이 아래와 같이 할수는 있으나 업그레이드를 권고한다

SSLProtocol all -SSLv2 -SSLv3 -TLSv1

apachectl -V

openssl version

OpenSSL 1.0.1s 1 Mar 2016

-------------------------------------------------------------------------------

This directive can be used to control the SSL protocol flavors mod_ssl should use when establishing its server environment. Clients then can only connect with one of the provided protocols.

The available (case-insensitive) protocols are:

• SSLv2

  This is the Secure Sockets Layer (SSL) protocol, version 2.0. It is the original SSL protocol as designed by Netscape Corporation. Though its use has been deprecated, because of weaknesses in the security of the protocol.

• SSLv3

  This is the Secure Sockets Layer (SSL) protocol, version 3.0, from the Netscape Corporation. It is the successor to SSLv2 and the predecessor to TLSv1. It's supported by almost all popular browsers.

• TLSv1

  This is the Transport Layer Security (TLS) protocol, version 1.0. It is the successor to SSLv3 and is defined in RFC 2246.

• TLSv1.1 (when using OpenSSL 1.0.1 and later)

  A revision of the TLS 1.0 protocol, as defined in RFC 4346.

• TLSv1.2 (when using OpenSSL 1.0.1 and later)

  A revision of the TLS 1.1 protocol, as defined in RFC 5246.

• All

  This is a shortcut for ``+SSLv2 +SSLv3 +TLSv1'' or - when using OpenSSL 1.0.1 and later - ``+SSLv2 +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2'', respectively.