Just a quick one to improve things!

Beginning January 2020, SSLLabs.com will give you a grade B if you still have TLS 1.0 or 1.1 enabled, as both are considered insecure.

The following is an example warning you might see:

Screenshot of warning on ssllabs.com

So let’s disable that weak stuff, and only allow strong ciphers while we’re at it!

Strong Ciphers

To only allow strong ciphers on your website, add the following at the end of your VirtualHost config:

SSLCipherSuite HIGH:!aNULL:!MD5

Stupid simple, right?

Disable insecure SSL/TLS

To disable the legacy SSL protocols (SSLv2 and SSLv3) entirely, and disable TLS 1.0 and 1.1 as well, add the following to the end of your VirtualHost config:

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Again stupid simple!

Reload

Now simply reload (or restart) your web server:

systemctl reload apache2
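
To confirm that every SSLProtocol line in a config really leaves only TLS 1.2 and later enabled, here is an added example (not part of the original post, and not Apache's own tooling). The function names, the sample file and the assumed mod_ssl rules noted in the comments are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: work out which protocol versions an SSLProtocol line leaves
# enabled, then audit a config file for legacy ones.
# Assumed mod_ssl semantics: "all" expands to ALL below, +X adds, -X removes,
# and a bare name replaces everything set before it.
# Protocol names are expected in the case shown in ALL.
ALL="SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"

effective_protocols() {   # $1 = arguments of one SSLProtocol directive
    enabled=""
    for tok in $1; do
        case $tok in
            -*) op=del; name=${tok#-} ;;
            +*) op=add; name=${tok#+} ;;
            *)  op=set; name=$tok; enabled="" ;;
        esac
        if [ "$name" = all ]; then group=$ALL; else group=$name; fi
        for p in $group; do
            # Remove p first (exact line match, so TLSv1 never hits TLSv1.1).
            enabled=$(printf '%s\n' $enabled | grep -vxF -- "$p" | tr '\n' ' ')
            if [ "$op" != del ]; then enabled="$enabled $p"; fi
        done
    done
    printf '%s\n' $enabled | LC_ALL=C sort | tr '\n' ' ' | sed 's/ *$//'
}

legacy_in_conf() {   # $1 = config file; prints offenders, returns 1 if any
    bad=0
    while read -r directive args; do
        case " $(effective_protocols "$args") " in
            *" SSLv3 "*|*" TLSv1 "*|*" TLSv1.1 "*)
                echo "legacy protocol enabled: SSLProtocol $args"; bad=1 ;;
        esac
    done <<EOF
$(grep -i '^[[:space:]]*SSLProtocol[[:space:]]' "$1")
EOF
    return $bad
}

# Constructed sample: the first vhost uses the line from this post.
sample=$(mktemp)
cat > "$sample" <<'CONF'
<VirtualHost *:443>
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol all -SSLv3
</VirtualHost>
CONF
legacy_in_conf "$sample" || echo "fix the directives listed above, then reload"
```

This only evaluates protocol versions; `apachectl configtest` is still the check for config syntax.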

While there is always more you can do, this is a good start!

HSTS

Check out my previous post on HSTS to further improve things!
