How to enable TLSv1.3 on apache2?
I am running Apache2 version:
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2018-04-25T11:38:24
I would like to enable TLSv1.3 but I get an error below in Apache2 if I put SSLProtocol TLSv1.2 TLSv1.3
in the ssl.conf
file:
# apachectl configtest
AH00526: Syntax error on line 79 of /etc/apache2/mods-enabled/ssl.conf:
SSLProtocol: Illegal protocol 'TLSv1.3'
Action 'configtest' failed.
The Apache error log may have more information.
Is it not possible to enable TLSv1.3 in Apache2 (yet)?
I know Nginx can do it, but this question aims at Apache2.
apache-httpd ssl
add a comment |
I am running Apache2 version:
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2018-04-25T11:38:24
I would like to enable TLSv1.3 but I get an error below in Apache2 if I put SSLProtocol TLSv1.2 TLSv1.3
in the ssl.conf
file:
# apachectl configtest
AH00526: Syntax error on line 79 of /etc/apache2/mods-enabled/ssl.conf:
SSLProtocol: Illegal protocol 'TLSv1.3'
Action 'configtest' failed.
The Apache error log may have more information.
Is it not possible to enable TLSv1.3 in Apache2 (yet)?
I know Nginx can do it, but this question aims at Apache2.
apache-httpd ssl
@WarrenYoung check my edit
– James Kowalski
May 12 '18 at 3:05
@bora, so basically I have no choice other than go to nginx or wait?
– James Kowalski
May 12 '18 at 5:16
@JamesKowalski, yes, pretty much. IETF recently approved it as a standard. I would wait instead of jumping into a brand new implementation by another HTTP server, but I guess your requirements for TLS 1.3 should dictate the decision. According to istlsfastyet.com there are currently three server software supporting it including NGINX.
– Bora
May 12 '18 at 5:42
Current Apache version in GA is 2.4.35, and it does not contain TLS 1.3 support. 2.4.37 will have it. I have written a post how to compile Apache yourself so you can have TLS 1.3 today: ayesh.me/TLSv1.3-Apache-Nginx
– Ayesh K
Oct 22 '18 at 8:38
add a comment |
I am running Apache2 version:
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2018-04-25T11:38:24
I would like to enable TLSv1.3 but I get an error below in Apache2 if I put SSLProtocol TLSv1.2 TLSv1.3
in the ssl.conf
file:
# apachectl configtest
AH00526: Syntax error on line 79 of /etc/apache2/mods-enabled/ssl.conf:
SSLProtocol: Illegal protocol 'TLSv1.3'
Action 'configtest' failed.
The Apache error log may have more information.
Is it not possible to enable TLSv1.3 in Apache2 (yet)?
I know Nginx can do it, but this question aims at Apache2.
apache-httpd ssl
I am running Apache2 version:
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2018-04-25T11:38:24
I would like to enable TLSv1.3 but I get an error below in Apache2 if I put SSLProtocol TLSv1.2 TLSv1.3
in the ssl.conf
file:
# apachectl configtest
AH00526: Syntax error on line 79 of /etc/apache2/mods-enabled/ssl.conf:
SSLProtocol: Illegal protocol 'TLSv1.3'
Action 'configtest' failed.
The Apache error log may have more information.
Is it not possible to enable TLSv1.3 in Apache2 (yet)?
I know Nginx can do it, but this question aims at Apache2.
apache-httpd ssl
apache-httpd ssl
edited 15 mins ago
Vlastimil
8,1011464139
8,1011464139
asked May 12 '18 at 2:54
James KowalskiJames Kowalski
18114
18114
@WarrenYoung check my edit
– James Kowalski
May 12 '18 at 3:05
@bora, so basically I have no choice other than go to nginx or wait?
– James Kowalski
May 12 '18 at 5:16
@JamesKowalski, yes, pretty much. IETF recently approved it as a standard. I would wait instead of jumping into a brand new implementation by another HTTP server, but I guess your requirements for TLS 1.3 should dictate the decision. According to istlsfastyet.com there are currently three server software supporting it including NGINX.
– Bora
May 12 '18 at 5:42
Current Apache version in GA is 2.4.35, and it does not contain TLS 1.3 support. 2.4.37 will have it. I have written a post how to compile Apache yourself so you can have TLS 1.3 today: ayesh.me/TLSv1.3-Apache-Nginx
– Ayesh K
Oct 22 '18 at 8:38
add a comment |
@WarrenYoung check my edit
– James Kowalski
May 12 '18 at 3:05
@bora, so basically I have no choice other than go to nginx or wait?
– James Kowalski
May 12 '18 at 5:16
@JamesKowalski, yes, pretty much. IETF recently approved it as a standard. I would wait instead of jumping into a brand new implementation by another HTTP server, but I guess your requirements for TLS 1.3 should dictate the decision. According to istlsfastyet.com there are currently three server software supporting it including NGINX.
– Bora
May 12 '18 at 5:42
Current Apache version in GA is 2.4.35, and it does not contain TLS 1.3 support. 2.4.37 will have it. I have written a post how to compile Apache yourself so you can have TLS 1.3 today: ayesh.me/TLSv1.3-Apache-Nginx
– Ayesh K
Oct 22 '18 at 8:38
@WarrenYoung check my edit
– James Kowalski
May 12 '18 at 3:05
@WarrenYoung check my edit
– James Kowalski
May 12 '18 at 3:05
@bora, so basically I have no choice other than go to nginx or wait?
– James Kowalski
May 12 '18 at 5:16
@bora, so basically I have no choice other than go to nginx or wait?
– James Kowalski
May 12 '18 at 5:16
@JamesKowalski, yes, pretty much. IETF recently approved it as a standard. I would wait instead of jumping into a brand new implementation by another HTTP server, but I guess your requirements for TLS 1.3 should dictate the decision. According to istlsfastyet.com there are currently three server software supporting it including NGINX.
– Bora
May 12 '18 at 5:42
@JamesKowalski, yes, pretty much. IETF recently approved it as a standard. I would wait instead of jumping into a brand new implementation by another HTTP server, but I guess your requirements for TLS 1.3 should dictate the decision. According to istlsfastyet.com there are currently three server software supporting it including NGINX.
– Bora
May 12 '18 at 5:42
Current Apache version in GA is 2.4.35, and it does not contain TLS 1.3 support. 2.4.37 will have it. I have written a post how to compile Apache yourself so you can have TLS 1.3 today: ayesh.me/TLSv1.3-Apache-Nginx
– Ayesh K
Oct 22 '18 at 8:38
Current Apache version in GA is 2.4.35, and it does not contain TLS 1.3 support. 2.4.37 will have it. I have written a post how to compile Apache yourself so you can have TLS 1.3 today: ayesh.me/TLSv1.3-Apache-Nginx
– Ayesh K
Oct 22 '18 at 8:38
add a comment |
4 Answers
4
active
oldest
votes
TLSv1.3 is not yet supported by Apache 2.4.
When it is supported by OpenSSL (see info here), Apache 2.4 should have it too.
add a comment |
TLSv1.3 is now supported in Apache2 version 2.4.36 with OpenSSL 1.1.1 Source.
add a comment |
As for TLS 1.3, as was pointed out in this answer, it is still a work in progress, not yet in production in Apache2.
As TLS 1.3 has been finally accepted IETF, it is probably going to production very soon. See their blog for some basic information.
Notes, too long for a comment:
HTTP SITE DOES NOT REDIRECT
The HTTP version of the website does not redirect to the HTTPS version. We advise to enable redirection.
You can follow this answer on Webmasters. It includes tips for the HSTS Preload list, which after some modifications, you should add the site into.
Your ciphers are wrong.
Please use (excerpt from my answer on Webmasters):
ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA
in order to get 95 or 100 % on SSL Labs - Ciper strength score, more info in my answer on Webmasters.
You should enable P-384 + P-256, and optionally P-521 curves, as stated in my answer on Webmasters.
TLS 1.1 is no longer mandatory.
- You have omitted TLS 1.1 protocol. It is still mandatory to HIPAA guidance AFAIK, you should consider enabling it for the time being.
What about now? :) I'm gonna see if ondrej will do a Tls1.3 build for us :)
– Michael Fever
Oct 6 '18 at 23:03
Not yet. But if you follow the apache-developers mailing list version 1.36 was just recently committed so we should see that trickle down to the repos soon. I will post here when it happens.
– Michael Fever
Oct 25 '18 at 23:28
add a comment |
Editor's Note
Beware, using a PPA might ruin your system, at least the future distribution upgrades, from my experience at least.
If you are ready to take the risk...
You may use this PPA, this command adds it to your system without any hassle:
sudo add-apt-repository ppa:ondrej/apache2
At the time of this writing, the current version was:
$ apache2 -v
Server version: Apache/2.4.37 (Ubuntu)
Server built: 2018-10-28T15:27:08
TLSv1.3 is supported in that version.
To enable it globally for all VirtualHosts, locate your ssl.conf
and set:
SSLProtocol -all +TLSv1.2 +TLSv1.3
Then restart Apache2 and it should be ready for a test, notably it on these sites:
https://www.ssllabs.com/ssltest/
https://www.htbridge.com/ssl/
My example result = TLSv1.3 enabled
@Vlastimil Do you trust the official certbot PPA? (ppa:certbot/certbot)
– LinuxBabe
Nov 13 '18 at 7:07
@Vlastimil Simply disable PPA in /etc/apt/source.list.d/ before doing distribution upgrade.
– LinuxBabe
Nov 13 '18 at 12:11
@Vlastimil That never happened to me.
– LinuxBabe
Nov 13 '18 at 13:22
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f443341%2fhow-to-enable-tlsv1-3-on-apache2%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
TLSv1.3 is not yet supported by Apache 2.4.
When it is supported by OpenSSL (see info here), Apache 2.4 should have it too.
add a comment |
TLSv1.3 is not yet supported by Apache 2.4.
When it is supported by OpenSSL (see info here), Apache 2.4 should have it too.
add a comment |
TLSv1.3 is not yet supported by Apache 2.4.
When it is supported by OpenSSL (see info here), Apache 2.4 should have it too.
TLSv1.3 is not yet supported by Apache 2.4.
When it is supported by OpenSSL (see info here), Apache 2.4 should have it too.
edited 21 mins ago
Vlastimil
8,1011464139
8,1011464139
answered May 12 '18 at 5:33
BoraBora
1595
1595
add a comment |
add a comment |
TLSv1.3 is now supported in Apache2 version 2.4.36 with OpenSSL 1.1.1 Source.
add a comment |
TLSv1.3 is now supported in Apache2 version 2.4.36 with OpenSSL 1.1.1 Source.
add a comment |
TLSv1.3 is now supported in Apache2 version 2.4.36 with OpenSSL 1.1.1 Source.
TLSv1.3 is now supported in Apache2 version 2.4.36 with OpenSSL 1.1.1 Source.
edited 19 mins ago
Vlastimil
8,1011464139
8,1011464139
answered Oct 13 '18 at 17:05
obencsobencs
6913
6913
add a comment |
add a comment |
As for TLS 1.3, as was pointed out in this answer, it is still a work in progress, not yet in production in Apache2.
As TLS 1.3 has been finally accepted IETF, it is probably going to production very soon. See their blog for some basic information.
Notes, too long for a comment:
HTTP SITE DOES NOT REDIRECT
The HTTP version of the website does not redirect to the HTTPS version. We advise to enable redirection.
You can follow this answer on Webmasters. It includes tips for the HSTS Preload list, which after some modifications, you should add the site into.
Your ciphers are wrong.
Please use (excerpt from my answer on Webmasters):
ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA
in order to get 95 or 100 % on SSL Labs - Ciper strength score, more info in my answer on Webmasters.
You should enable P-384 + P-256, and optionally P-521 curves, as stated in my answer on Webmasters.
TLS 1.1 is no longer mandatory.
- You have omitted TLS 1.1 protocol. It is still mandatory to HIPAA guidance AFAIK, you should consider enabling it for the time being.
What about now? :) I'm gonna see if ondrej will do a Tls1.3 build for us :)
– Michael Fever
Oct 6 '18 at 23:03
Not yet. But if you follow the apache-developers mailing list version 1.36 was just recently committed so we should see that trickle down to the repos soon. I will post here when it happens.
– Michael Fever
Oct 25 '18 at 23:28
add a comment |
As for TLS 1.3, as was pointed out in this answer, it is still a work in progress, not yet in production in Apache2.
As TLS 1.3 has been finally accepted IETF, it is probably going to production very soon. See their blog for some basic information.
Notes, too long for a comment:
HTTP SITE DOES NOT REDIRECT
The HTTP version of the website does not redirect to the HTTPS version. We advise to enable redirection.
You can follow this answer on Webmasters. It includes tips for the HSTS Preload list, which after some modifications, you should add the site into.
Your ciphers are wrong.
Please use (excerpt from my answer on Webmasters):
ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA
in order to get 95 or 100 % on SSL Labs - Ciper strength score, more info in my answer on Webmasters.
You should enable P-384 + P-256, and optionally P-521 curves, as stated in my answer on Webmasters.
TLS 1.1 is no longer mandatory.
- You have omitted TLS 1.1 protocol. It is still mandatory to HIPAA guidance AFAIK, you should consider enabling it for the time being.
What about now? :) I'm gonna see if ondrej will do a Tls1.3 build for us :)
– Michael Fever
Oct 6 '18 at 23:03
Not yet. But if you follow the apache-developers mailing list version 1.36 was just recently committed so we should see that trickle down to the repos soon. I will post here when it happens.
– Michael Fever
Oct 25 '18 at 23:28
add a comment |
As for TLS 1.3, as was pointed out in this answer, it is still a work in progress, not yet in production in Apache2.
As TLS 1.3 has been finally accepted IETF, it is probably going to production very soon. See their blog for some basic information.
Notes, too long for a comment:
HTTP SITE DOES NOT REDIRECT
The HTTP version of the website does not redirect to the HTTPS version. We advise to enable redirection.
You can follow this answer on Webmasters. It includes tips for the HSTS Preload list, which after some modifications, you should add the site into.
Your ciphers are wrong.
Please use (excerpt from my answer on Webmasters):
ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA
in order to get 95 or 100 % on SSL Labs - Ciper strength score, more info in my answer on Webmasters.
You should enable P-384 + P-256, and optionally P-521 curves, as stated in my answer on Webmasters.
TLS 1.1 is no longer mandatory.
- You have omitted TLS 1.1 protocol. It is still mandatory to HIPAA guidance AFAIK, you should consider enabling it for the time being.
As for TLS 1.3, as was pointed out in this answer, it is still a work in progress, not yet in production in Apache2.
As TLS 1.3 has been finally accepted IETF, it is probably going to production very soon. See their blog for some basic information.
Notes, too long for a comment:
HTTP SITE DOES NOT REDIRECT
The HTTP version of the website does not redirect to the HTTPS version. We advise to enable redirection.
You can follow this answer on Webmasters. It includes tips for the HSTS Preload list, which after some modifications, you should add the site into.
Your ciphers are wrong.
Please use (excerpt from my answer on Webmasters):
ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA
in order to get 95 or 100 % on SSL Labs - Ciper strength score, more info in my answer on Webmasters.
You should enable P-384 + P-256, and optionally P-521 curves, as stated in my answer on Webmasters.
TLS 1.1 is no longer mandatory.
- You have omitted TLS 1.1 protocol. It is still mandatory to HIPAA guidance AFAIK, you should consider enabling it for the time being.
edited Oct 29 '18 at 4:05
answered May 12 '18 at 6:26
VlastimilVlastimil
8,1011464139
8,1011464139
What about now? :) I'm gonna see if ondrej will do a Tls1.3 build for us :)
– Michael Fever
Oct 6 '18 at 23:03
Not yet. But if you follow the apache-developers mailing list version 1.36 was just recently committed so we should see that trickle down to the repos soon. I will post here when it happens.
– Michael Fever
Oct 25 '18 at 23:28
add a comment |
What about now? :) I'm gonna see if ondrej will do a Tls1.3 build for us :)
– Michael Fever
Oct 6 '18 at 23:03
Not yet. But if you follow the apache-developers mailing list version 1.36 was just recently committed so we should see that trickle down to the repos soon. I will post here when it happens.
– Michael Fever
Oct 25 '18 at 23:28
What about now? :) I'm gonna see if ondrej will do a Tls1.3 build for us :)
– Michael Fever
Oct 6 '18 at 23:03
What about now? :) I'm gonna see if ondrej will do a Tls1.3 build for us :)
– Michael Fever
Oct 6 '18 at 23:03
Not yet. But if you follow the apache-developers mailing list version 1.36 was just recently committed so we should see that trickle down to the repos soon. I will post here when it happens.
– Michael Fever
Oct 25 '18 at 23:28
Not yet. But if you follow the apache-developers mailing list version 1.36 was just recently committed so we should see that trickle down to the repos soon. I will post here when it happens.
– Michael Fever
Oct 25 '18 at 23:28
add a comment |
Editor's Note
Beware, using a PPA might ruin your system, at least the future distribution upgrades, from my experience at least.
If you are ready to take the risk...
You may use this PPA, this command adds it to your system without any hassle:
sudo add-apt-repository ppa:ondrej/apache2
At the time of this writing, the current version was:
$ apache2 -v
Server version: Apache/2.4.37 (Ubuntu)
Server built: 2018-10-28T15:27:08
TLSv1.3 is supported in that version.
To enable it globally for all VirtualHosts, locate your ssl.conf
and set:
SSLProtocol -all +TLSv1.2 +TLSv1.3
Then restart Apache2 and it should be ready for a test, notably it on these sites:
https://www.ssllabs.com/ssltest/
https://www.htbridge.com/ssl/
My example result = TLSv1.3 enabled
@Vlastimil Do you trust the official certbot PPA? (ppa:certbot/certbot)
– LinuxBabe
Nov 13 '18 at 7:07
@Vlastimil Simply disable PPA in /etc/apt/source.list.d/ before doing distribution upgrade.
– LinuxBabe
Nov 13 '18 at 12:11
@Vlastimil That never happened to me.
– LinuxBabe
Nov 13 '18 at 13:22
add a comment |
Editor's Note
Beware, using a PPA might ruin your system, at least the future distribution upgrades, from my experience at least.
If you are ready to take the risk...
You may use this PPA, this command adds it to your system without any hassle:
sudo add-apt-repository ppa:ondrej/apache2
At the time of this writing, the current version was:
$ apache2 -v
Server version: Apache/2.4.37 (Ubuntu)
Server built: 2018-10-28T15:27:08
TLSv1.3 is supported in that version.
To enable it globally for all VirtualHosts, locate your ssl.conf
and set:
SSLProtocol -all +TLSv1.2 +TLSv1.3
Then restart Apache2 and it should be ready for a test, notably it on these sites:
https://www.ssllabs.com/ssltest/
https://www.htbridge.com/ssl/
My example result = TLSv1.3 enabled
@Vlastimil Do you trust the official certbot PPA? (ppa:certbot/certbot)
– LinuxBabe
Nov 13 '18 at 7:07
@Vlastimil Simply disable PPA in /etc/apt/source.list.d/ before doing distribution upgrade.
– LinuxBabe
Nov 13 '18 at 12:11
@Vlastimil That never happened to me.
– LinuxBabe
Nov 13 '18 at 13:22
add a comment |
Editor's Note
Beware, using a PPA might ruin your system, at least the future distribution upgrades, from my experience at least.
If you are ready to take the risk...
You may use this PPA, this command adds it to your system without any hassle:
sudo add-apt-repository ppa:ondrej/apache2
At the time of this writing, the current version was:
$ apache2 -v
Server version: Apache/2.4.37 (Ubuntu)
Server built: 2018-10-28T15:27:08
TLSv1.3 is supported in that version.
To enable it globally for all VirtualHosts, locate your ssl.conf
and set:
SSLProtocol -all +TLSv1.2 +TLSv1.3
Then restart Apache2 and it should be ready for a test, notably it on these sites:
https://www.ssllabs.com/ssltest/
https://www.htbridge.com/ssl/
My example result = TLSv1.3 enabled
Editor's Note
Beware, using a PPA might ruin your system, at least the future distribution upgrades, from my experience at least.
If you are ready to take the risk...
You may use this PPA, this command adds it to your system without any hassle:
sudo add-apt-repository ppa:ondrej/apache2
At the time of this writing, the current version was:
$ apache2 -v
Server version: Apache/2.4.37 (Ubuntu)
Server built: 2018-10-28T15:27:08
TLSv1.3 is supported in that version.
To enable it globally for all VirtualHosts, locate your ssl.conf
and set:
SSLProtocol -all +TLSv1.2 +TLSv1.3
Then restart Apache2 and it should be ready for a test, notably it on these sites:
https://www.ssllabs.com/ssltest/
https://www.htbridge.com/ssl/
My example result = TLSv1.3 enabled
edited 8 mins ago
Vlastimil
8,1011464139
8,1011464139
answered Oct 29 '18 at 2:54
Aryeh BeitzAryeh Beitz
1092
1092
@Vlastimil Do you trust the official certbot PPA? (ppa:certbot/certbot)
– LinuxBabe
Nov 13 '18 at 7:07
@Vlastimil Simply disable PPA in /etc/apt/source.list.d/ before doing distribution upgrade.
– LinuxBabe
Nov 13 '18 at 12:11
@Vlastimil That never happened to me.
– LinuxBabe
Nov 13 '18 at 13:22
add a comment |
@Vlastimil Do you trust the official certbot PPA? (ppa:certbot/certbot)
– LinuxBabe
Nov 13 '18 at 7:07
@Vlastimil Simply disable PPA in /etc/apt/source.list.d/ before doing distribution upgrade.
– LinuxBabe
Nov 13 '18 at 12:11
@Vlastimil That never happened to me.
– LinuxBabe
Nov 13 '18 at 13:22
@Vlastimil Do you trust the official certbot PPA? (ppa:certbot/certbot)
– LinuxBabe
Nov 13 '18 at 7:07
@Vlastimil Do you trust the official certbot PPA? (ppa:certbot/certbot)
– LinuxBabe
Nov 13 '18 at 7:07
@Vlastimil Simply disable PPA in /etc/apt/source.list.d/ before doing distribution upgrade.
– LinuxBabe
Nov 13 '18 at 12:11
@Vlastimil Simply disable PPA in /etc/apt/source.list.d/ before doing distribution upgrade.
– LinuxBabe
Nov 13 '18 at 12:11
@Vlastimil That never happened to me.
– LinuxBabe
Nov 13 '18 at 13:22
@Vlastimil That never happened to me.
– LinuxBabe
Nov 13 '18 at 13:22
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f443341%2fhow-to-enable-tlsv1-3-on-apache2%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
@WarrenYoung check my edit
– James Kowalski
May 12 '18 at 3:05
@bora, so basically I have no choice other than go to nginx or wait?
– James Kowalski
May 12 '18 at 5:16
@JamesKowalski, yes, pretty much. IETF recently approved it as a standard. I would wait instead of jumping into a brand new implementation by another HTTP server, but I guess your requirements for TLS 1.3 should dictate the decision. According to istlsfastyet.com there are currently three server software supporting it including NGINX.
– Bora
May 12 '18 at 5:42
Current Apache version in GA is 2.4.35, and it does not contain TLS 1.3 support. 2.4.37 will have it. I have written a post how to compile Apache yourself so you can have TLS 1.3 today: ayesh.me/TLSv1.3-Apache-Nginx
– Ayesh K
Oct 22 '18 at 8:38