Configure Apache TLS
ssl.conf / vhostSSLProtocol -all +TLSv1.2 +TLSv1.3SSLHonorCipherOrder offSSLSessionTickets offSSLUseStapling offsudo apachectl -t && sudo systemctl reload apache2Why it matters
Section titled “Why it matters”TLS 1.0 and 1.1 are obsolete and rejected by every current browser. Leaving them enabled reaches nobody who couldn’t otherwise connect — the clients that need them can’t complete a modern handshake anyway — and it keeps you failing scans and offering downgrade surface.
SSLProtocol -all +TLSv1.2 +TLSv1.3 is the whole control.
Read the -all +TLSv1.2 syntax carefully
Section titled “Read the -all +TLSv1.2 syntax carefully”Apache’s SSLProtocol is additive and order-dependent, which is a genuine
footgun:
SSLProtocol -all +TLSv1.2 +TLSv1.3 # correct: clear everything, add two backSSLProtocol +TLSv1.2 +TLSv1.3 # WRONG: adds to the default, doesn't clearSSLProtocol all -SSLv3 # WRONG: everything except SSLv3, so TLS 1.0 is onThe second and third forms appear in a lot of copied configs and both leave TLS
1.0 enabled. Always start with -all, then add. And check the effective
result from outside rather than reading the line — see the verify block.
Don’t hand-write SSLCipherSuite
Section titled “Don’t hand-write SSLCipherSuite”Same argument as nginx and SSH: cipher lists age, and a list pasted from an old post encodes old opinions permanently.
Use the Mozilla SSL Configuration Generator, pick the intermediate profile, and regenerate it when you upgrade. A generated config you regenerate beats a curated one nobody revisits.
Two Apache-specific notes:
SSLCipherSuite does not control TLS 1.3. TLS 1.3 has its own suite set,
configured with SSLCipherSuite TLSv1.3 ... in recent Apache — and OpenSSL’s
defaults are short and all strong, so there is nothing worth tuning. A hand-written
SSLCipherSuite line governs a shrinking share of your traffic.
SSLHonorCipherOrder off is deliberate. The old advice was on. Mozilla’s
current intermediate guidance is off, because modern clients choose better than
a fixed server ordering can — a phone with hardware AES and a laptop without want
different suites, and only the client knows which it is.
OCSP stapling is mostly moot now
Section titled “OCSP stapling is mostly moot now”SSLUseStapling offIf you use Let’s Encrypt, stapling has nothing to do. Let’s Encrypt shut down
its OCSP responder on 6 August 2025 and stopped including OCSP URLs in
certificates, so SSLUseStapling on has no responder to query and quietly does
nothing — leaving only a warning in your error log.
The full story is on the nginx OCSP page; it applies
identically here. If your CA still runs a responder, stapling is still a small
win; check with openssl x509 -noout -ocsp_uri.
Related
Section titled “Related”- Set security headers — including HSTS, which makes TLS mandatory.
- nginx OCSP stapling — the full story on why stapling is obsolete.