How to resolve “SSLProtocol: Illegal protocol 'TLSv1.1'” in CentOS 6.9
I'm trying to pass a vulnerability scan for my CentOS 6.9 server. The last of the issues I am attempting to resolve relates to the use of outdated SSL protocols. When I attempt to use the following line in my ssl.conf
SSLProtocol -all +TLSv1.1
and then run a configtest
service httpd24-httpd configtest
I am presented with the error
SSLProtocol: Illegal protocol 'TLSv1.1'
I've narrowed this down to possibly an outdated version of OpenSSL. When I began this process I was on the version OpenSSL 1.0.1e-fips 11 Feb 2013
and I've updated that to a more recent version by following these instructions: http://www.ehowstuff.com/how-to-install-and-update-openssl-on-centos-6-centos-7/
Now when I check the version I get OpenSSL 1.0.2l 25 May 2017
however I still get the same error during the configtest. I'm thinking at this point that the mod_ssl.so file in apache needs to be upgraded but I am sort of at a loss for my next steps (I'm a little out of my depth at this point). Since I downloaded httpd24 as a package I never had to compile it and I'm not sure of where to go next. As far as I understand, it's possible to include a new mod_ssl.so without recompiling Apache, but in practice I don't know how I'd go about that.
linux centos apache-httpd openssl
asked Aug 13 '17 at 23:43
Ryan Salsman
1 Answer
Had the same problem just now. Comparing differences between a couple of servers I realised the one having the issues did not have mod_ssl installed somehow.
yum install mod_ssl
fixed this problem for me.
answered Aug 18 '17 at 14:23
Cheech
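Added example (not part of the question or the answer): a shell diagnostic that reports which mod_ssl file the Apache configuration loads and which libssl that file is linked against, since a newer `openssl` binary on PATH changes nothing for a module still linked to the older library. The function names and the sample config and `ldd` output are constructed for illustration; the server root and config file paths are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: which mod_ssl does Apache load, and which libssl does it use?

# Constructed sample inputs (not taken from the asker's server).
SAMPLE_CONF='#LoadModule ssl_module modules/disabled.so
LoadModule ssl_module modules/mod_ssl.so
SSLProtocol -all +TLSv1.1'
SAMPLE_LDD='  libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f0000000000)
  libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f0000100000)'

# Module path from the first active "LoadModule ssl_module" line on stdin.
# Commented-out directives are skipped because their first field starts with '#'.
ssl_module_path() {
    awk 'tolower($1) == "loadmodule" && $2 == "ssl_module" { print $3; exit }'
}

# Resolved libssl path from `ldd` output on stdin.
linked_libssl() {
    awk '$1 ~ /^libssl\.so/ && $2 == "=>" { print $3; exit }'
}

# diagnose SERVER_ROOT CONF_FILE...   (all paths are supplied by the caller)
# Returns 1 when no ssl_module is configured or the module file is absent.
diagnose() {
    root=$1; shift
    mod=$(cat "$@" | ssl_module_path)
    if [ -z "$mod" ]; then
        echo "no active LoadModule ssl_module line in: $*"; return 1
    fi
    case $mod in /*) ;; *) mod=$root/$mod ;; esac   # relative to ServerRoot
    if [ ! -f "$mod" ]; then
        echo "module file not found: $mod"; return 1
    fi
    echo "mod_ssl loaded from: $mod"
    echo "linked libssl:       $(ldd "$mod" | linked_libssl)"
    echo "openssl on PATH:     $(command -v openssl)"
}
```

If the libssl path printed by `diagnose` is not the library that was upgraded, Apache is still using the old one regardless of what `openssl version` reports.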