TLS 1.2

Pierrot · March 17, 2015, 12:40am

Hello,

I have 2 VPS’s running both the same Debian Wheezy, same Virtualmin, same Apache 2.2.22, same OpenSSL 1.0.1e, pretty much the same eveything (besides virtual servers), both up to date. When using the Qualys SSL Labs tests, one server gets B because it does not support TLS v1.1 and 1.2 while the other gets an A because it does …

I already spent almost 2 hours trying to find a difference … /etc/apache2/mods-enabled/ssl.conf is the same, in fact a copy-paste from the one that gets the B to the one that gets the A … so I guess the pbm is elsewhere.

An idea where I should look ? The B one was installed like a year ago, the A just recently.

Also, I’m using valid certs from StarSSL on both servers.

Pierre.

Eric · March 17, 2015, 3:16am

Howdy,

You may want to grep through your entire Apache config for anything that might be setting either SSLProtocol or SSLCipherSuite, as both of those could cause what you’re describing.

-Eric

Pierrot · March 17, 2015, 8:47am

Hello,

Thank you Eric, right on spot as usual I had some declarations (+TLSv1 only) in virtualhosts configuration that were overwriting the general configuration (all -SSLv2 -SSLv3).
Both servers are now graded A, cool !

P.