AnsweredAssumed Answered

Only TLS 1.2 enabled, but the test site thought differently

Question asked by BRYAN S.G. on Dec 15, 2014
Latest reply on Dec 16, 2014 by BRYAN S.G.



In the test result above, the test indicates that the three TLS protocols (TLS 1, 1.1, 1.2) are enabled, but in the Apache configuration setting, I only enable TLS 1.2.


Below is the the redacted configuration:-


DocumentRoot "<redacted>"

ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://<redacted>

SSLEngine on
SSLProtocol -ALL +TLSv1.2
SSLCompression off
SSLHonorCipherOrder On
SSLCipherSuite AES256+EECDH:AES256+EDH

SSLCertificateFile <redacted>
SSLCertificateKeyFile <redacted>
SSLCertificateChainFile <redacted>

SSLUseStapling on
SSLCACertificateFile <redacted>
SSLStaplingReturnResponderErrors off
SSLStaplingResponderTimeout 5
SSLStaplingResponseMaxAge 3600

Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
Header always set Public-Key-Pins "max-age=5184000; pin-sha256=x9Jz239f/WhJqcZjTI9HD7kR7JVwBm31Nx2MLwlRcUY=; pin-sha256=87H99lMvCDrCWYV1oZbFyB3hI2kUpl7OpqXQjJJUa6k=; pin-sha256=CbBTC5KT/RLAekL0oPWMrU88qfxKN+nyj3Mx5IApBMM="
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff

<Directory "<redacted>"
Require all granted
AllowOverride All
allow from all
Options All
DirectoryIndex index.php index.html


Thanks for any insights.