How to score an A+ with Apache SSL/TLS encryption

HTTPS encryption is a hot topic these days.
With TLS 1.0 reaching its end of life, you are advised to disable all protocols lower than TLSv1.1.

Follow the guide below to allow only TLSv1.1 and TLSv1.2 with strong ciphers:

Edit your vhost configuration and add the following options next to your certificate settings:

SSLEngine On
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
SSLCipherSuite HIGH:!aNULL:!MD5

SSLHonorCipherOrder on
SSLCompression      off
SSLSessionTickets   off

After this reload apache and run a test on

If you still get poor results, check the following files for SSL protocol and cipher settings that override yours.
Directives such as SSLProtocol and SSLCipherSuite are probably set there as well. You can comment them out with a hash (#) or put the settings above in these files.
In case of Apache2 (Debian/Ubuntu):


In case of HTTP (CentOS/RHEL/Fedora):


If Let’s Encrypt is installed:
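
Whichever of these files exist on your system, the lines to look for are the same. The sketch below is an added example, not part of the original guide: it scans configuration text for active SSLProtocol and SSLCipherSuite lines that depart from the settings above. The protocol set behind "all", the function names and the sample input are assumptions made for illustration.

```python
import re

# Assumption: "all" is modelled as this set; the real set depends on the Apache/OpenSSL build.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
WEAK = {"SSLv2", "SSLv3", "TLSv1"}           # the protocols the guide turns off
KNOWN = {n.lower(): n for n in ALL | WEAK | {"TLSv1.3"}}
GUIDE_CIPHERS = "HIGH:!aNULL:!MD5"           # value taken from the guide
DIRECTIVE = re.compile(r"^\s*(SSLProtocol|SSLCipherSuite)\s+(.+?)\s*$", re.I)

def effective_protocols(args):
    """Apply SSLProtocol tokens left to right: '+' adds, '-' removes, a bare name replaces."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = ALL if name.lower() == "all" else {KNOWN.get(name.lower(), name)}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)             # no prefix: earlier tokens are discarded
    return enabled

def audit(config_text):
    """Return (line_no, directive, problem) for every active line that departs from the guide."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)            # lines commented out with '#' never match
        if not m:
            continue
        name, args = m.group(1).lower(), m.group(2)
        if name == "sslprotocol":
            weak = sorted(effective_protocols(args) & WEAK)
            if weak:
                findings.append((no, "SSLProtocol", "enables " + ", ".join(weak)))
        elif args != GUIDE_CIPHERS:
            findings.append((no, "SSLCipherSuite", "differs from " + GUIDE_CIPHERS))
    return findings

# Constructed sample standing in for an include file that overrides the vhost settings.
SAMPLE = """\
SSLProtocol all -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL
# SSLProtocol all
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
SSLProtocol TLSv1.2 TLSv1
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The last sample line shows why a missing + or - prefix matters: the bare TLSv1 replaces TLSv1.2 instead of adding to it.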

