While trying to clear up some old SSL protocol support I found that using the following didn’t seem to resolve the issue. – credit to this article
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
When you have multiple TLS VirtualHosts and use Server Name Indication (SNI), it is allowed syntax to have an SSLProtocol directive in each VirtualHost. In practice, however, unless you have IP-based VirtualHosts, the settings from the first occurrence of the SSLProtocol directive are used for the whole server and/or all name-based VirtualHosts supporting TLS.
So check your main httpd.conf (and all included snippets, for instance from conf.d/*.conf and similar includes) for more occurrences of the SSLProtocol directive.
Instead, simply use:
SSLProtocol TLSv1.2
If you have multiple virtual hosts, you have to update all of their configuration files; otherwise, ssl.conf is enough.
To check which TLS versions are supported:
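Because the first SSLProtocol occurrence can win for every name-based VirtualHost, it helps to list all occurrences and see which ones still leave old protocols on. The script below is an added example, not part of the original article; the function names, the sample files and the simplified token model are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: list every SSLProtocol directive under an Apache config tree
# and flag those that still leave SSLv3, TLSv1 or TLSv1.1 enabled.

# audit_sslprotocol DIR -> prints "file:line: directive -> OK|LEGACY: ...";
# returns non-zero if any directive still enables a legacy protocol.
# Simplified token model (assumption): a bare name replaces the set, +name adds,
# -name removes, and "all" is treated conservatively as every protocol.
audit_sslprotocol() {
    find "$1" -type f -name '*.conf' -exec awk '
        BEGIN { split("sslv3 tlsv1 tlsv1.1", legacy, " ") }
        tolower($1) == "sslprotocol" {            # commented-out lines never match
            split("", on)                         # start from an empty set
            for (i = 2; i <= NF; i++) {
                tok = tolower($i); sign = substr(tok, 1, 1)
                if (sign == "+" || sign == "-") tok = substr(tok, 2)
                else { sign = ""; split("", on) } # bare name replaces the set
                if (tok == "all") tok = "sslv3 tlsv1 tlsv1.1 tlsv1.2"
                n = split(tok, names, " ")
                for (j = 1; j <= n; j++) on[names[j]] = (sign != "-")
            }
            bad = ""
            for (k = 1; k <= 3; k++) if (on[legacy[k]]) bad = bad " " legacy[k]
            printf "%s:%d: %s -> %s\n", FILENAME, FNR, $0, (bad == "" ? "OK" : "LEGACY:" bad)
            if (bad != "") rc = 1
        }
        END { exit rc + 0 }' {} +
}

# Constructed sample tree: ssl.conf still allows TLSv1/TLSv1.1, web.conf does not.
make_sample_tree() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/conf.d"
    printf 'SSLProtocol all -SSLv2 -SSLv3\n' > "$d/conf.d/ssl.conf"
    printf '<VirtualHost *:443>\n    SSLProtocol TLSv1.2\n</VirtualHost>\n' > "$d/conf.d/web.conf"
    echo "$d"
}

tree=$(make_sample_tree)
audit_sslprotocol "$tree" || echo "legacy protocols still enabled somewhere"
rm -rf "$tree"
```

On a real server, point audit_sslprotocol at the directory that holds httpd.conf and its includes (for example /etc/httpd).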
# nmap --script ssl-enum-ciphers -p 443 192.168.1.100 | grep TLSv
| TLSv1.0:
| TLSv1.1:
| TLSv1.2:
Modify the Apache configuration file (vi /etc/httpd/conf.d/web.conf): remove all other TLS versions and allow only TLS 1.2.
SSLProtocol TLSv1.2
Validate after the modification (use whatever your configuration file is called).
# grep SSLProtocol /etc/httpd/conf.d/web.conf
SSLProtocol TLSv1.2
# nmap --script ssl-enum-ciphers -p 443 192.168.1.100 | grep TLSv
| TLSv1.2:
# service httpd restart