[BUG反馈] 开启ssl服务 没有支持TLS1.0 跟1.1

294652958

开启ssl服务后  网站只支持TLS1.2   部分老版本的安卓设置只能使用TLS1.0 或者TLS1.1  导致部分安卓设置打不开网站  请问在哪里配置TLS1.0 跟TLS1.1呢

lele8060

是多站点虚拟主机吗?
如果是虚拟主机的话,下面的方法或许会帮助到你.
我之前也遇到这个问题,困惑了半年终于解决了.

https://serverfault.com/questions/513961/how-to-disable-tls-1-1-1-2-in-apache

lele8060

First of all, you must identify what is the default vhost for port 443 in your server (the first SSL vhost loaded by Apache) and edit it's configuration file. Most users have an ssl.conf file in their servers, with a vhost for port 443 configured there. As the name of this file begins with "s", it will load before the vhosts configured in vhosts.conf (which begins with "v"). So, check if this is your case (the answer is "yes" for virtually everyone) and change the protocols in that file. That's enough!

乘风

回复 2# lele8060


   可以具体说一下你是怎么解决的吗？我试了几次还是不行

乘风

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile conf/cert/x.star.com.crt
SSLCertificateKeyFile conf/cert/x.star.com.key
SSLCertificateChainFile conf/cert/bundle_x.star.com.crt

SSLProtocol TLSv1 TLSv1.1 TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4

#SSLProtocol +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
#SSLProtocol all -SSLv2 -SSLv3
#SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
#SSLHonorCipherOrder on