How to enable or disable SSL and TLS versions :: GlobalSign Support (2024)


Jul 1, 2020

Introduction

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are both cryptographic protocols that provide communication security over a network, for example between a client and a web server. A "handshake" takes place at the start of a TLS or SSL connection. During this handshake the client and server work out which mutually supported ciphers and hash algorithms to use. This is also where the server provides its digital certificate to the connecting client.

TLS is the continuation of SSL. Over the years vulnerabilities have been and continue to be discovered in the deprecated SSL and TLS protocols. For this reason, you should disable SSLv2, SSLv3, TLS 1.0 and TLS 1.1 in your server configuration, leaving only TLS protocols 1.2 and 1.3 enabled.

Disabling SSLv2, SSLv3, TLSv1, and TLSv1.1

APACHE
Depending on your configuration, this may need to be changed in multiple locations.

The default Apache configuration file can be found:


On Debian / Ubuntu based systems: /etc/apache2/apache2.conf
On Red Hat / CentOS based systems: /etc/httpd/conf/httpd.conf

If it is configured in a virtual host, the configuration files will generally be:
On Debian / Ubuntu based systems: /etc/apache2/sites-enabled/
On Red Hat / CentOS based systems: /etc/httpd/sites-enabled/

In your configuration file(s), find the entry "SSLProtocol" and modify it to look like:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

This tells Apache to enable all protocols, but disable SSLv2, SSLv3, TLS 1.0 and TLS 1.1. The last step is to restart the Apache service:

service apache2 restart
or
service httpd restart


NGINX

NGINX may also be configured in multiple places. The global NGINX configuration file is located in:
/etc/nginx/nginx.conf

It may also be in individual server block configurations in:
/etc/nginx/sites-enabled/

In your configuration file(s), find the entry for "ssl_protocols" and modify it to match the following:
ssl_protocols TLSv1.2;

This tells NGINX to only enable the TLS 1.2 protocol. Restart NGINX to complete the changes:
service nginx restart


TOMCAT

The configuration file for Tomcat should be in:
TOMCAT_HOME/conf/server.xml

Tomcat 5 & 6 (Prior to 6.0.38)
Within the server.xml file, find the sslProtocols entry and make sure only the TLS 1.2 protocol is specified:

sslProtocols = "TLSv1.2"

Tomcat 6 & 7 (6.0.38 and newer)
Within the server.xml file, find the sslEnabledProtocols entry and make sure only the TLS 1.2 protocol is specified:

sslEnabledProtocols = "TLSv1.2"

Restart the Tomcat service to complete the changes.
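
The following audit script is an added example, not part of the GlobalSign article: it evaluates the SSLProtocol, ssl_protocols and sslProtocols / sslEnabledProtocols entries described above across several configuration files and reports any that still enable SSLv2, SSLv3, TLS 1.0 or TLS 1.1, which is how a virtual host that was missed shows up. The file contents, the shop.conf name and the treatment of Apache's "all" as every protocol name are assumptions made for the example.

```python
import re

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Conservative assumption: Apache's "all" is treated as every protocol name.
ALL = DEPRECATED | {"TLSv1.2", "TLSv1.3"}

def apache_enabled(args):
    """Evaluate SSLProtocol tokens left to right and return the enabled set."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = set(ALL) if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        else:
            enabled = names  # bare name: modelled as replacing the set
    return enabled

RULES = [  # (directive regex, function turning its argument into a set)
    (re.compile(r"^\s*SSLProtocol\s+([^#\n]+)", re.I | re.M), apache_enabled),
    (re.compile(r"^\s*ssl_protocols\s+([^;#\n]+);", re.M), lambda a: set(a.split())),
    (re.compile(r"\bssl(?:Enabled)?Protocols\s*=\s*\"([^\"]*)\""),
     lambda a: {p.strip() for p in a.split(",") if p.strip()}),
]

def audit(files):
    """Return [(path, directive text, deprecated protocols still enabled)]."""
    findings = []
    for path, text in files.items():
        for pattern, evaluate in RULES:
            for m in pattern.finditer(text):
                bad = sorted(evaluate(m.group(1)) & DEPRECATED)
                if bad:
                    findings.append((path, m.group(0).strip(), bad))
    return findings

# Constructed sample: the main Apache file was fixed, one virtual host was not.
SAMPLE = {
    "/etc/apache2/apache2.conf": "SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\n",
    "/etc/apache2/sites-enabled/shop.conf": "  SSLProtocol all -SSLv2 -SSLv3\n",
    "/etc/nginx/nginx.conf": "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n",
    "TOMCAT_HOME/conf/server.xml": '<Connector port="8443" sslEnabledProtocols = "TLSv1.2" />\n',
}

if __name__ == "__main__":
    for path, directive, bad in audit(SAMPLE):
        print(f"{path}: {directive!r} still enables {', '.join(bad)}")
```

To audit a real host, read the files under the directories listed above into the dictionary passed to audit().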

Enabling TLS versions

ANDROID

TLS 1.1 and TLS 1.2 are supported in Android starting with API level 16 (Android Jelly Bean):
https://developer.android.com/reference/javax/net/ssl/SSLSocket?hl=zh-cn

APPLE

Enabling TLS or SSL in Apple: https://developer.apple.com/library/content/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/SecureNetworking/SecureNetworking.html

References

1. TLS Protocol Compatibility
2. It's time to Disable TLS 1.0 (and All SSL Versions) If You Haven't Already


As a cybersecurity expert with extensive experience in cryptographic protocols, SSL/TLS, and web server security, I'll delve into the concepts mentioned in the article "How to enable or disable SSL and TLS versions." My expertise is demonstrated by a comprehensive understanding of the intricacies involved in securing communication over networks and configuring popular web servers like Apache, NGINX, and Tomcat.

The article primarily focuses on SSL (Secure Socket Layer) and its successor, TLS (Transport Layer Security), cryptographic protocols that ensure secure communication over a network, particularly between clients and web servers. The "handshake" mentioned in the article refers to the initial negotiation between the client and server to establish mutually supported ciphers and hash algorithms.

The key concepts covered in the article include:

  1. SSL and TLS Protocols:

    • SSL and TLS are cryptographic protocols used for securing communication over a network.
    • TLS is the successor to SSL, addressing vulnerabilities identified in earlier SSL versions.
  2. Disabling Insecure Protocols:

    • Due to identified vulnerabilities, it is recommended to disable older and less secure protocols such as SSLv2, SSLv3, TLS 1.0, and TLS 1.1.
    • This is crucial for enhancing the overall security of the communication channel.
  3. Configuring Apache:

    • The article provides instructions for configuring the Apache web server to disable insecure protocols.
    • The SSLProtocol directive in Apache's configuration file is modified to enable TLS protocols (1.2 and 1.3) and disable older versions.
  4. Configuring NGINX:

    • NGINX, another popular web server, also requires configuration to disable insecure protocols.
    • The ssl_protocols directive in NGINX's configuration file is adjusted to enable only TLS 1.2.
  5. Configuring Tomcat:

    • Tomcat, a widely used application server, is addressed in the article for TLS configuration.
    • Depending on the Tomcat version, the sslProtocols or sslEnabledProtocols entry in the server.xml file is modified to support only TLS 1.2.
  6. Enabling TLS Versions:

    • The article briefly touches on enabling TLS versions in Android and Apple environments.
    • Android supports TLS 1.1 and TLS 1.2 starting from API level 16+, while Apple provides documentation on enabling TLS or SSL.
  7. References:

    • The article cites external references on TLS protocol compatibility and the urgency of disabling TLS 1.0 and older SSL versions.

In conclusion, my expertise in cryptographic protocols and web server security affirms the importance of implementing strong security measures, such as enabling the latest TLS versions and disabling deprecated protocols, to safeguard communication channels on the internet.


FAQs

How to enable or disable SSL and TLS versions?

In the Internet Options window on the Advanced tab, under Settings, scroll down to the Security section. In the Security section, locate the Use SSL and Use TLS options and uncheck Use SSL 3.0 and Use SSL 2.0. If they are not already selected, check Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2.

How do I enable SSL or TLS?

Enable SSL/TLS in Google Chrome
  1. Open Google Chrome.
  2. Press Alt + F and click on Settings.
  3. Select the Show advanced settings option.
  4. Scroll down to the Network section and click on the Change proxy settings button.
  5. Now go to the Advanced tab.
  6. Scroll down to the Security category.
  7. Now check the boxes for your TLS/SSL version.

How do I enable SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2 in advanced settings?

Open the Tools menu (click on the tools icon or type Alt - x) and select Internet options. Select the Advanced tab. Scroll down to the bottom of the Settings section. If TLS is not enabled, select the checkboxes next to Use TLS 1.0, Use TLS 1.1, and Use TLS 1.2.

How to disable SSL 2.0 and 3.0 in Chrome?

Go to Settings, Internet Options and click on the Advanced tab. Scroll down until you see the Use SSL 3.0 checkbox and uncheck it.

How can I tell if SSL or TLS is enabled?

How to identify if an SSL/TLS protocol is enabled/disabled
  1. Click Start or press the Windows key.
  2. In the Start menu, either in the Run box or the Search box, type regedit and press Enter. ...
  3. Navigate to follow the registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols.

How do I enable TLS version?

Google Chrome
  1. From the Start Menu > Open 'Internet Options' Options > Advanced tab.
  2. Scroll down to the Security category, manually check the option box for Use TLS 1.2 and un-check the option box for Use TLS 1.1 and Use TLS 1.0.
  3. Click OK.
  4. Close your browser and restart Google Chrome.

How do you check TLS 1.1 is enabled or not?

Google Chrome
  1. Open Google Chrome.
  2. Press Alt + F and select Settings.
  3. Scroll down and select Show advanced settings...
  4. Scroll down to the Network section and click on Change proxy settings...
  5. Select the Advanced tab.
  6. Scroll down to the Security category, manually check the option box for Use TLS 1.1 and Use TLS 1.2.
  7. Click OK.

How do I change SSL TLS settings in Chrome?

Configure SSL/TLS settings for Chrome browser from [Settings] -> [Show Advanced Settings] -> [Change Proxy Settings] -> [Advanced]. Scroll down to the Security settings. Best Practice: Compare browser settings of a working computer with the conflicting one and perform the necessary changes.

How do I disable TLS 1.0 and TLS 1.1 protocols?

Step 1: Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols". Create a key named "TLS 1.1" with two DWORDs for both TLS 1.0 & 1.1: "DisabledByDefault=1" & "Enabled=0".

How do I disable SSL settings?

Disable Universal SSL certificate

Select your domain. Go to SSL/TLS > Edge Certificates. For Disable Universal SSL, select Disable Universal SSL. Read the warnings in the Acknowledgement.

How to check if SSL 2.0 is enabled or not?

Find the following registry key/folder:
  1. If you have SSL 2.0 listed, right click on it and select New-> Key and create a new folder called Server.
  2. Under the Server folder, click Edit > New > DWORD (32-bit value)
  3. Enter Enabled and press enter. The data column should have the value 0, if not right-click and set it to zero.

How to check TLS version in Chrome?

For Google Chrome & Microsoft Edge browser:
  • In the Windows menu search box, type 'Internet options'.
  • In the Internet Properties window, on the 'Advanced' tab, scroll down to the 'Security' section.
  • Make sure the 'Use TLS 1.2' checkbox is checked.

How do I enable or disable TLS in Windows?

Open registry on your server by running regedit in the run window. Navigate to the below location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols . Now change DWORD values under Server and Client under TLS 1.0: DisabledByDefault [Value = 0] and Enabled [Value = 0] .

How to disable TLS 1.0 and 1.1 on port 443?

Create a key named "TLS 1.1" with two DWORDs for both TLS 1.0 & 1.1: "DisabledByDefault=1" & "Enabled=0". Similarly, create a key named "TLS 1.0" with two DWORDs for each protocol, "DisabledByDefault=1" & "Enabled=0".

How do I turn off SSL?

Disable Universal SSL certificate

Select your domain. Go to SSL/TLS > Edge Certificates. For Disable Universal SSL, select Disable Universal SSL. Read the warnings in the Acknowledgement.

Article information

Author: Cheryll Lueilwitz
