How to Disable TLSv1 Protocol in Apache2


I had a client who need to disable TLSv1 from the config of SSL for his website. This is a PCI requirement state that TLSv1 must be disabled by June 30, 2018. This article will explain how can disable TLSv1 from your SSL enabled website running on Apache2 web server.

This is the warning you will see when you running a compliance check from online tools. I have run the Test on Why No Padlock?

You currently have TLSv1 enabled.
This version of TLS is being phased out. This warning won’t break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.


First, edit your domain VirtualHost file located in /etc/apache2/sites-available and define SSLProtocal as follows.

SSLProtocol -all +TLSv1.2

This is the sample of full Apache SSL configuration file.

<VirtualHost *:80>
    Redirect permanent /

<IfModule mod_ssl.c>
        <VirtualHost *:443>
                ServerAdmin webmaster@localhost
                ServerName example.comm
                DocumentRoot /home/example

                ErrorLog ${APACHE_LOG_DIR}/
                CustomLog ${APACHE_LOG_DIR}/ combined

                SSLEngine on
                SSLProtocol -all +TLSv1.2
                SSLCertificateFile /etc/letsencrypt/live/
                SSLCertificateKeyFile /etc/letsencrypt/live/
                SSLCACertificateFile /etc/letsencrypt/live/
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars


Finally, restart the Apache2 service, executing the command below.

/etc/init.d/apache2 restart

Now run a Test again and you will see the Protocol warning, no longer shows and the PCI requirement has been passed.

That’s it. ?

Rating: 5.0/5. From 1 vote.
Please wait...

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

How to Disable TLSv1 Protocol in Apache2

time to read: 1 min