We have updated Apache (2.4) to 2.4.29 with prefork mpm. Apache has dropped support for HTTP/2 module from 2.4.27 version for the prefork mpm. Hence the users who wish to use the HTTP/2 module are advised not to update the application.
The support for TLSv1 has been deprecated in the latest release of Apache. If you do not wish to update the Apache application but wish to update the ssl conf to deprecate the TLSv1 support than you can edit the ssl.conf located at:
Quote /usr/local/apps/apache2/etc/conf.d/ssl.conf
replace the SSLProtocol & SSLCipherSuite with the following:
Code SSLProtocol All -SSLv2 -SSLv3 -TLSv1
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384  HE-RSA-AES128-GCM-SHA256 HE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA HE-RSA-AES128-SHA256 HE-RSA-AES128-SHA HE-RSA-AES256-SHA256 HE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA ES-CBC3-SHA:!DSS:!3DES:!RC4 |
