How to enable TLSv1.3 in Centos with Apache2
1
I am using CentOS 5 with Apache2.
Into an additional config file:
/etc/apache2/conf/extra/ssl.conf
I have put these lines:
SSLHonorCipherOrder On
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
I still can't enable TLSv1.3. The error says when restarting the service
Starting httpd: Syntax error on line 113 of /etc/apache2/conf/extra/ssl.conf:
SSLProtocol: Illegal protocol 'TLSv1.3'
System: CentOS 5.11 (Final).
OpenSSL: 1.1.1a 20 Nov 2018.
centos apache-httpd ssl
edited 14 mins ago
Vlastimil
7,9441263135
asked Jan 22 at 10:41
jonathan.rtzjonathan.rtz
62
New contributor
jonathan.rtz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
|
show 2 more comments
1
I am using CentOS 5 with Apache2.
Into an additional config file:
/etc/apache2/conf/extra/ssl.conf
I have put these lines:
SSLHonorCipherOrder On
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
I still can't enable TLSv1.3. The error says when restarting the service
Starting httpd: Syntax error on line 113 of /etc/apache2/conf/extra/ssl.conf:
SSLProtocol: Illegal protocol 'TLSv1.3'
System: CentOS 5.11 (Final).
OpenSSL: 1.1.1a 20 Nov 2018.
centos apache-httpd ssl
edited 14 mins ago
Vlastimil
7,9441263135
asked Jan 22 at 10:41
jonathan.rtzjonathan.rtz
62
New contributor
jonathan.rtz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
3
Can you provide the version details for your OS, Apache & OpenSSL?
– Haxiel
Jan 22 at 11:07
Did you show us line 113? I don't see a TLSv1.3 entry...?
– Jeff Schaller
Jan 22 at 11:22
Centos 5 is too old to support that, I think. What have you installed?
– Rui F Ribeiro
Jan 22 at 13:48
hi, my OS is CentOS release 5.11 (Final). Openssl is OpenSSL 1.1.1a 20 Nov 2018
– jonathan.rtz
17 hours ago
@JeffSchaller .. the error is when i put the SSLProtocol TLSv1.3
– jonathan.rtz
17 hours ago
|
show 2 more comments
1
1
1
I am using CentOS 5 with Apache2.
Into an additional config file:
/etc/apache2/conf/extra/ssl.conf
I have put these lines:
SSLHonorCipherOrder On
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
I still can't enable TLSv1.3. The error says when restarting the service
Starting httpd: Syntax error on line 113 of /etc/apache2/conf/extra/ssl.conf:
SSLProtocol: Illegal protocol 'TLSv1.3'
System: CentOS 5.11 (Final).
OpenSSL: 1.1.1a 20 Nov 2018.
centos apache-httpd ssl
edited 14 mins ago
Vlastimil
7,9441263135
asked Jan 22 at 10:41
jonathan.rtzjonathan.rtz
62
New contributor
jonathan.rtz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I am using CentOS 5 with Apache2.
Into an additional config file:
/etc/apache2/conf/extra/ssl.conf
I have put these lines:
SSLHonorCipherOrder On
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
I still can't enable TLSv1.3. The error says when restarting the service
Starting httpd: Syntax error on line 113 of /etc/apache2/conf/extra/ssl.conf:
SSLProtocol: Illegal protocol 'TLSv1.3'
System: CentOS 5.11 (Final).
OpenSSL: 1.1.1a 20 Nov 2018.
centos apache-httpd ssl
centos apache-httpd ssl
edited 14 mins ago
Vlastimil
7,9441263135
asked Jan 22 at 10:41
jonathan.rtzjonathan.rtz
62
New contributor
jonathan.rtz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 14 mins ago
Vlastimil
7,9441263135
asked Jan 22 at 10:41
jonathan.rtzjonathan.rtz
62
New contributor
jonathan.rtz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 14 mins ago
Vlastimil
7,9441263135
edited 14 mins ago
Vlastimil
7,9441263135
edited 14 mins ago
Vlastimil
7,9441263135
7,9441263135
asked Jan 22 at 10:41
jonathan.rtzjonathan.rtz
62
New contributor
jonathan.rtz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Jan 22 at 10:41
jonathan.rtzjonathan.rtz
62
asked Jan 22 at 10:41
jonathan.rtzjonathan.rtz
62
62
New contributor
jonathan.rtz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
jonathan.rtz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
jonathan.rtz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
3
Can you provide the version details for your OS, Apache & OpenSSL?
– Haxiel
Jan 22 at 11:07
Did you show us line 113? I don't see a TLSv1.3 entry...?
– Jeff Schaller
Jan 22 at 11:22
Centos 5 is too old to support that, I think. What have you installed?
– Rui F Ribeiro
Jan 22 at 13:48
hi, my OS is CentOS release 5.11 (Final). Openssl is OpenSSL 1.1.1a 20 Nov 2018
– jonathan.rtz
17 hours ago
@JeffSchaller .. the error is when i put the SSLProtocol TLSv1.3
– jonathan.rtz
17 hours ago
|
show 2 more comments
3
Can you provide the version details for your OS, Apache & OpenSSL?
– Haxiel
Jan 22 at 11:07
Did you show us line 113? I don't see a TLSv1.3 entry...?
– Jeff Schaller
Jan 22 at 11:22
Centos 5 is too old to support that, I think. What have you installed?
– Rui F Ribeiro
Jan 22 at 13:48
hi, my OS is CentOS release 5.11 (Final). Openssl is OpenSSL 1.1.1a 20 Nov 2018
– jonathan.rtz
17 hours ago
@JeffSchaller .. the error is when i put the SSLProtocol TLSv1.3
– jonathan.rtz
17 hours ago
3
3
Can you provide the version details for your OS, Apache & OpenSSL?
– Haxiel
Jan 22 at 11:07
Can you provide the version details for your OS, Apache & OpenSSL?
– Haxiel
Jan 22 at 11:07
Did you show us line 113? I don't see a TLSv1.3 entry...?
– Jeff Schaller
Jan 22 at 11:22
Did you show us line 113? I don't see a TLSv1.3 entry...?
– Jeff Schaller
Jan 22 at 11:22
Centos 5 is too old to support that, I think. What have you installed?
– Rui F Ribeiro
Jan 22 at 13:48
Centos 5 is too old to support that, I think. What have you installed?
– Rui F Ribeiro
Jan 22 at 13:48
hi, my OS is CentOS release 5.11 (Final). Openssl is OpenSSL 1.1.1a 20 Nov 2018
– jonathan.rtz
17 hours ago
hi, my OS is CentOS release 5.11 (Final). Openssl is OpenSSL 1.1.1a 20 Nov 2018
– jonathan.rtz
17 hours ago
@JeffSchaller .. the error is when i put the SSLProtocol TLSv1.3
– jonathan.rtz
17 hours ago
@JeffSchaller .. the error is when i put the SSLProtocol TLSv1.3
– jonathan.rtz
17 hours ago
|
show 2 more comments
1 Answer
1
active
oldest
votes
0
Note that you would need the very latest Apache version in order for the following to work:
SSLProtocol -all +TLSv1.3 +TLSv1.2
This is simpler than disabling all of the other obsolete protocols.
And then you need to define pre-TLSv1.3 cipher suites separately. Like so:
SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384
SSLCipherSuite SSL ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA
answered Jan 22 at 11:27
VlastimilVlastimil
7,9441263135
thanks for your respond. but after I added the suggested lines, got error: Starting httpd: Syntax error on line 108 of /etc/apache2/conf/extra/ssl.conf: SSLProtocol: Illegal protocol 'TLSv1.3' [FAILED] can you help me out of this. I appreciates much.
– jonathan.rtz
16 hours ago
@jonathan.rtz Post your openssl version.
– Vlastimil
15 hours ago
here it is my OS is CentOS release 5.11 (Final). Openssl is OpenSSL 1.1.1a 20 Nov 2018
– jonathan.rtz
2 hours ago
@jonathan.rtz Thanks for the info. I will get back to you tomorrow, too much work today, I have edited your question to be clearer a little.
– Vlastimil
9 mins ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
jonathan.rtz is a new contributor. Be nice, and check out our Code of Conduct.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f495948%2fhow-to-enable-tlsv1-3-in-centos-with-apache2%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
Note that you would need the very latest Apache version in order for the following to work:
SSLProtocol -all +TLSv1.3 +TLSv1.2
This is simpler than disabling all of the other obsolete protocols.
And then you need to define pre-TLSv1.3 cipher suites separately. Like so:
SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384
SSLCipherSuite SSL ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA
answered Jan 22 at 11:27
VlastimilVlastimil
7,9441263135
thanks for your respond. but after I added the suggested lines, got error: Starting httpd: Syntax error on line 108 of /etc/apache2/conf/extra/ssl.conf: SSLProtocol: Illegal protocol 'TLSv1.3' [FAILED] can you help me out of this. I appreciates much.
– jonathan.rtz
16 hours ago
@jonathan.rtz Post your openssl version.
– Vlastimil
15 hours ago
here it is my OS is CentOS release 5.11 (Final). Openssl is OpenSSL 1.1.1a 20 Nov 2018
– jonathan.rtz
2 hours ago
@jonathan.rtz Thanks for the info. I will get back to you tomorrow, too much work today, I have edited your question to be clearer a little.
– Vlastimil
9 mins ago
add a comment |
0
Note that you would need the very latest Apache version in order for the following to work:
SSLProtocol -all +TLSv1.3 +TLSv1.2
This is simpler than disabling all of the other obsolete protocols.
And then you need to define pre-TLSv1.3 cipher suites separately. Like so:
SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384
SSLCipherSuite SSL ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA
answered Jan 22 at 11:27
VlastimilVlastimil
7,9441263135
thanks for your respond. but after I added the suggested lines, got error: Starting httpd: Syntax error on line 108 of /etc/apache2/conf/extra/ssl.conf: SSLProtocol: Illegal protocol 'TLSv1.3' [FAILED] can you help me out of this. I appreciates much.
– jonathan.rtz
16 hours ago
@jonathan.rtz Post your openssl version.
– Vlastimil
15 hours ago
here it is my OS is CentOS release 5.11 (Final). Openssl is OpenSSL 1.1.1a 20 Nov 2018
– jonathan.rtz
2 hours ago
@jonathan.rtz Thanks for the info. I will get back to you tomorrow, too much work today, I have edited your question to be clearer a little.
– Vlastimil
9 mins ago
add a comment |
0
0
0
Note that you would need the very latest Apache version in order for the following to work:
SSLProtocol -all +TLSv1.3 +TLSv1.2
This is simpler than disabling all of the other obsolete protocols.
And then you need to define pre-TLSv1.3 cipher suites separately. Like so:
SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384
SSLCipherSuite SSL ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA
answered Jan 22 at 11:27
VlastimilVlastimil
7,9441263135
Note that you would need the very latest Apache version in order for the following to work:
SSLProtocol -all +TLSv1.3 +TLSv1.2
This is simpler than disabling all of the other obsolete protocols.
And then you need to define pre-TLSv1.3 cipher suites separately. Like so:
SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384
SSLCipherSuite SSL ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA
answered Jan 22 at 11:27
VlastimilVlastimil
7,9441263135
answered Jan 22 at 11:27
VlastimilVlastimil
7,9441263135
answered Jan 22 at 11:27
VlastimilVlastimil
7,9441263135
answered Jan 22 at 11:27
VlastimilVlastimil
7,9441263135
7,9441263135
thanks for your respond. but after I added the suggested lines, got error: Starting httpd: Syntax error on line 108 of /etc/apache2/conf/extra/ssl.conf: SSLProtocol: Illegal protocol 'TLSv1.3' [FAILED] can you help me out of this. I appreciates much.
– jonathan.rtz
16 hours ago
@jonathan.rtz Post your openssl version.
– Vlastimil
15 hours ago
here it is my OS is CentOS release 5.11 (Final). Openssl is OpenSSL 1.1.1a 20 Nov 2018
– jonathan.rtz
2 hours ago
@jonathan.rtz Thanks for the info. I will get back to you tomorrow, too much work today, I have edited your question to be clearer a little.
– Vlastimil
9 mins ago
add a comment |
thanks for your respond. but after I added the suggested lines, got error: Starting httpd: Syntax error on line 108 of /etc/apache2/conf/extra/ssl.conf: SSLProtocol: Illegal protocol 'TLSv1.3' [FAILED] can you help me out of this. I appreciates much.
– jonathan.rtz
16 hours ago
@jonathan.rtz Post your openssl version.
– Vlastimil
15 hours ago
here it is my OS is CentOS release 5.11 (Final). Openssl is OpenSSL 1.1.1a 20 Nov 2018
– jonathan.rtz
2 hours ago
@jonathan.rtz Thanks for the info. I will get back to you tomorrow, too much work today, I have edited your question to be clearer a little.
– Vlastimil
9 mins ago
thanks for your respond. but after I added the suggested lines, got error: Starting httpd: Syntax error on line 108 of /etc/apache2/conf/extra/ssl.conf: SSLProtocol: Illegal protocol 'TLSv1.3' [FAILED] can you help me out of this. I appreciates much.
– jonathan.rtz
16 hours ago
thanks for your respond. but after I added the suggested lines, got error: Starting httpd: Syntax error on line 108 of /etc/apache2/conf/extra/ssl.conf: SSLProtocol: Illegal protocol 'TLSv1.3' [FAILED] can you help me out of this. I appreciates much.
– jonathan.rtz
16 hours ago
@jonathan.rtz Post your openssl version.
– Vlastimil
15 hours ago
@jonathan.rtz Post your openssl version.
– Vlastimil
15 hours ago
here it is my OS is CentOS release 5.11 (Final). Openssl is OpenSSL 1.1.1a 20 Nov 2018
– jonathan.rtz
2 hours ago
here it is my OS is CentOS release 5.11 (Final). Openssl is OpenSSL 1.1.1a 20 Nov 2018
– jonathan.rtz
2 hours ago
@jonathan.rtz Thanks for the info. I will get back to you tomorrow, too much work today, I have edited your question to be clearer a little.
– Vlastimil
9 mins ago
@jonathan.rtz Thanks for the info. I will get back to you tomorrow, too much work today, I have edited your question to be clearer a little.
– Vlastimil
9 mins ago
add a comment |
jonathan.rtz is a new contributor. Be nice, and check out our Code of Conduct.
draft saved
draft discarded
jonathan.rtz is a new contributor. Be nice, and check out our Code of Conduct.
jonathan.rtz is a new contributor. Be nice, and check out our Code of Conduct.
jonathan.rtz is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f495948%2fhow-to-enable-tlsv1-3-in-centos-with-apache2%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
3
Can you provide the version details for your OS, Apache & OpenSSL?
– Haxiel
Jan 22 at 11:07
Did you show us line 113? I don't see a TLSv1.3 entry...?
– Jeff Schaller
Jan 22 at 11:22
Centos 5 is too old to support that, I think. What have you installed?
– Rui F Ribeiro
Jan 22 at 13:48
hi, my OS is CentOS release 5.11 (Final). Openssl is OpenSSL 1.1.1a 20 Nov 2018
– jonathan.rtz
17 hours ago
@JeffSchaller .. the error is when i put the SSLProtocol TLSv1.3
– jonathan.rtz
17 hours ago