Skip to content

Configure Apache TLS

Severity: highApplies to: Apache httpd 2.4.xApplies to: Apache httpd 2.4.68
The fixssl.conf / vhost
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling off
Terminal window
sudo apachectl -t && sudo systemctl reload apache2

TLS 1.0 and 1.1 are obsolete and rejected by every current browser. Leaving them enabled reaches nobody who couldn’t otherwise connect — the clients that need them can’t complete a modern handshake anyway — and it keeps you failing scans and offering downgrade surface.

SSLProtocol -all +TLSv1.2 +TLSv1.3 is the whole control.

Apache’s SSLProtocol is additive and order-dependent, which is a genuine footgun:

SSLProtocol -all +TLSv1.2 +TLSv1.3 # correct: clear everything, add two back
SSLProtocol +TLSv1.2 +TLSv1.3 # WRONG: adds to the default, doesn't clear
SSLProtocol all -SSLv3 # WRONG: everything except SSLv3, so TLS 1.0 is on

The second and third forms appear in a lot of copied configs and both leave TLS 1.0 enabled. Always start with -all, then add. And check the effective result from outside rather than reading the line — see the verify block.

Same argument as nginx and SSH: cipher lists age, and a list pasted from an old post encodes old opinions permanently.

Use the Mozilla SSL Configuration Generator, pick the intermediate profile, and regenerate it when you upgrade. A generated config you regenerate beats a curated one nobody revisits.

Two Apache-specific notes:

SSLCipherSuite does not control TLS 1.3. TLS 1.3 has its own suite set, configured with SSLCipherSuite TLSv1.3 ... in recent Apache — and OpenSSL’s defaults are short and all strong, so there is nothing worth tuning. A hand-written SSLCipherSuite line governs a shrinking share of your traffic.

SSLHonorCipherOrder off is deliberate. The old advice was on. Mozilla’s current intermediate guidance is off, because modern clients choose better than a fixed server ordering can — a phone with hardware AES and a laptop without want different suites, and only the client knows which it is.

SSLUseStapling off

If you use Let’s Encrypt, stapling has nothing to do. Let’s Encrypt shut down its OCSP responder on 6 August 2025 and stopped including OCSP URLs in certificates, so SSLUseStapling on has no responder to query and quietly does nothing — leaving only a warning in your error log.

The full story is on the nginx OCSP page; it applies identically here. If your CA still runs a responder, stapling is still a small win; check with openssl x509 -noout -ocsp_uri.