CONNECTED(00000003)ĭepth=2 O = Digital Signature Trust Co., CN = DST Root CA X3ĭepth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
![hwo to test tls 1.2 hwo to test tls 1.2](https://wptavern.com/wp-content/uploads/2016/06/tls-compatibility-test-500x368.png)
You can also test for TLS 1 or TLS 1.1 with -tls1 or -tls1_1 respectively. If you don’t see a certificate chain, and instead something similar to “handshake error”, you know the server does not support TLS 1.2/1.3. If you get a certificate chain and handshake like below, you know the server in question supports TLS 1.2/1.3. Run the following command in terminal, replacing with your own domain:įor TLS 1.2: openssl s_client -connect :443 -tls1_2įor TLS 1.3: openssl s_client -connect :443 -tls1_3 You should now receive and A score and no TLS 1.0 amd TLS 1.1 protocols being supported.OpenSSL is a full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, and is installed on many distributions of Linux by default. Reboot apache with: sudo /opt/bitnami/ctlscript.sh restart apache SSLProxyProtocol -TLSv1.2 -TLSv1.3 -SSLv3 Now under #SSL Protocol Support, change the settings to look like this:.SSLProx圜ipherSuite HIGH:MEDIUM:!SSLv3:!kRSA Now remove the hastag from the following lines so they read as: #SSLProx圜ipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES #SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES In the nf file, add the hashtag to the following lines (without the.Navigate to: /opt/bitnami/apache2/conf/extra.Add the following line to the nf file under where it says:.Navigate to: /opt/bitnami/apache2/conf/bitnami/.Open an instance of SSH from your Lightsail dashboard.I was also having this problem and put together the following solution: Of course after every change I used to restart Apache.
#Hwo to test tls 1.2 how to#
I tryed to simply update the nf and the nf, but nothing appens: TLS 1.3 does not work and TLS 1.0 and TLS 1.1 are always anabled.Īfter my adds, this is my ssl directives in nf file: # SSLProtocol all -SSLv3īut nothing changed and now I really do not know how to enable TLS 1.3 and disable TLS 1.0 and TLS 1.1. Include "/opt/bitnami/apache2/conf/bitnami/nf" # Bitnami applications installed with a prefix URL (default) SSLCertificateKeyFile "/opt/bitnami/apache2/conf/mydomain.key" SSLCertificateFile "/opt/bitnami/apache2/conf/mydomain.crt" SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"ĭocumentRoot "/opt/bitnami/apache2/htdocs"
![hwo to test tls 1.2 hwo to test tls 1.2](https://www.alitajran.com/wp-content/uploads/2020/09/How-to-enable-TLS-1.2-on-Windows-Server-IIS-Crypto-templates.png)
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA$ So, inside the nf file I found this block, that seems the right place: # Default SSL Virtual Host configuration.
![hwo to test tls 1.2 hwo to test tls 1.2](https://content.spiceworksstatic.com/service.community/p/post_images/0000321262/5b6c5321/attached_image/Screenshot.png)
Reading on the net I found that I must change the nf file to insert this directive SSLProtocol -all +TLSv1.2 Now it seems that my Apache version 2.4.39 supports also TLS 1.3 and I am trying to enable even it and disable the two older versions.
![hwo to test tls 1.2 hwo to test tls 1.2](https://techcommunity.microsoft.com/legacyfs/online/media/TNBlogsFS/prod.evol.blogs.technet.com/CommunityServer.Blogs.Components.WeblogFiles/00/00/00/31/06/metablogapi/image_00C5095C.png)
This is my first experience with Amazon Lighsail, Wordpress Multisite, BitnamiĪnd even with Let's Encrypt now it seems everything just works, except for SSL directives in my virtualhost file.īecause it seems that major browsers – aka Chrome, Safari/Webkit, Mozilla Firefox and IE/Edge - are going to remove support to TLS 1.0 and TLS 1.1, as soon as the beginning of the new year – precisely among January and March – I would want to know how to disable them for my new Wordpress Multisite instance in Lightsail.Īfter I obtained a Let’s Encript SSL certificate and successfully deployed it I tested it to verify that TLS 1.0 and TLS 1.1 are enabled along with TLS 1.2.