Just a quick one to improve things!
Beginning January 2020, SSLLabs.com will give you a grade B if you still have TLS 1.0 or 1.1 enabled, as it’s considered insecure.
The following is an example warning you might see:
So let’s disable that weak stuff, and only allow strong ciphers while we’re at it!
To only allow strong ciphers on your website, add the following at the end of your VirtualHost config:
Stupid simple, right?
Disable insecure SSL/TLS
To disable SSL entirely, and disable TLS 1.0 and 1.1, add the following to the end of your VirtualHost config:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
Again stupid simple!
Now simply reload (or restart) your web server:
systemctl reload apache2
While there is always more you can do, this is a good start!
Check out my previous post on HSTS to further improve things!