SSL 2.0 and SSL 3.0 having lots of known vulnerabilities like POODLE (CVE-2014-3566), That’s why latest browsers have removed support for these vulnerable protocols. We also recommend moving your server to use TLS versions and specifically to TLS 1.2. This tutorial will help you to enable TLS 1.2 in mod_ssl and Apache server.
Enable TLS 1.2 Only in Apache
First, edit the VirtualHost section for your domain in Apache SSL configuration file on your server and add set the SSLProtocol as followings. This will disable all older protocols and your Apache server and enable TLSv1.2 only.
SSLProtocol -all +TLSv1.2
The simplest Apache VirtualHost with SSL looks like below
<VirtualHost *:443> ServerName www.example.com DocumentRoot /var/www/html SSLEngine on SSLProtocol -all +TLSv1.2 SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem </VirtualHost>
Enable TLS 1.1 and 1.2 Both
As per article written here POODLE vulnerability expands beyond SSLv3 to TLS 1.0 and 1.1. So we don’t recommend to use this for production server but if you want to enable this for your development. You can do following configuration.
SSLProtocol -all +TLSv1.1 +TLSv1.2
After making changes in your configuration file, restart Apache service to apply new settings.