Did some tests, TLSv1 has been successfully disabled.
I think it is because your vhost level SSL configuration has
TLSv1 enabled. Your test is using SNI, the SSL configuration has
been switch to vhost SSL.
Best regards,
George Wang
Hello,--
Per Trustwave requirements I need to disable TLSv1 on a host but it doesnt work:
In the vhost file I have:sslProtocol 12
And in the GUI it shows just TLS 1.1 and 1.2 checked, but both trustwave and my test still shows TLSv1 is still responding, might this be a bug?
[root@www html]# openssl s_client -servername hostimchecking.com -connect hostimchecking.com:443 -tls1CONNECTED(00000003)depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CAverify return:1depth=1 C = BE, O = GlobalSign nv-sa, CN = AlphaSSL CA - SHA256 - G2verify return:1depth=0 C = US, OU = Domain Control Validated, CN = hostimchecking.comverify return:1---Certificate chain0 s:/C=US/OU=Domain Control Validated/CN=hostimchecking.comi:/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G21 s:/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA---Server certificate-----BEGIN CERTIFICATE-----......-----END CERTIFICATE-----subject=/C=US/OU=Domain Control Validated/CN=hostimchecking.comissuer=/C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2---No client certificate CA names sentServer Temp Key: ECDH, prime256v1, 256 bits---SSL handshake has read 3114 bytes and written 322 bytes---New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHAServer public key is 2048 bitSecure Renegotiation IS supportedCompression: NONEExpansion: NONESSL-Session:Protocol : TLSv1Cipher : ECDHE-RSA-AES256-SHASession-ID: E1AC34371ACA1D68C319FE2EFD4C5A8AFEA446F72C88B4AEEED7FF96C37E4193Session-ID-ctx:Master-Key: 4BC0229AB191E4684CA95CC3A66943BF50691C2F53D8EE3CF62C19B1D31AD54AC4A111CDAF5AFDD020D701F0A2AA8194Key-Arg : NoneKrb5 Principal: NonePSK identity: NonePSK identity hint: NoneTLS session ticket lifetime hint: 3600 (seconds)TLS session ticket:
You received this message because you are subscribed to the Google Groups "OpenLiteSpeed Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openlitespeed-deve...@googlegroups.com.
To post to this group, send email to openlitespee...@googlegroups.com.
Visit this group at https://groups.google.com/group/openlitespeed-development.
For more options, visit https://groups.google.com/d/optout.