TLS: Enabling TLS 1.3 support in Apache on Ubuntu

By PNC No comments

Recently,  TLS or Transport Layer Security released its newest version 1.3. For security reason you ran your website into a TLS checker, and if your website is not yet using the latest version or doesn’t support it yet, there are times that it throws a message that you need to update your website TLS version support.

TLS v1.0 and TLS v1.1 according to this TLS checking websites are no longer safe and these versions are deprecated at could compromise your website’s security.  So a bunch of them are requiring you to update your TLS OR if your server doesn’t support the latest TLS version, then you have to update your server as well.

Here, we’ll show you how to update the TLS support coverage in APACHE on Ubuntu.  Most likely if your WordPress is using an Apache server, for sure this will come in handy.

TAKE NOTE THAT TLSv1.3 IS ONLY AVAILABLE AT APACHE 2.4 SO MAKE SURE TO CHECK YOUR APACHE VERSION FIRST.

Let’s begin.

Enabling/Disabling TLS support in APACHE on UBUNTU


FOR WEBSITES THAT USES SSL.CONF

  1. At the terminal, go to “etc/apache2/mods-available/” directory.
  2. Once there, look for a file named “ssl.conf”.
  3. Type the command “sudo nano ssl.conf” to edit the file.
  4. At the file, look for a line with SSLProtocol.  This is where we’ll change the TLS support.  By default you’ll see:

    SSLProtocol all -SSLv3

    To support TLSv1.3 and remove the old TLS version from your current settings:

    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

  5. Update the file, save it, and restart the apache server:

    sudo service apache2 restart


FOR WEBSITES USING LETSENCRYPT

  1. At the terminal, go to “etc/letsencrypt/” directory.
  2. Look for the file “options-ssl-apache.conf”.
  3. Edit the file by typing the command “sudo nano options-ssl-apache.conf”.
  4. Look for the line with SSLProtocol.  Then same approach apply in changing the TLS support values.
  5. Update the file, save it, and restart the apache server:

    sudo service apache2 restart


FOR WEBSITES IN WORDPRESS USING APACHE IN GCP OR AWS – BITNAMI

  1. At the terminal, go to “opt/bitnami/apache2/conf/bitnami/” directory.
  2. Look for the file “bitnami.conf”.
  3. Edit the file by typing the command “sudo nano bitnami.conf”
  4. Look for the line with SSLProtocol.  Then repeat the same approach we did in changing the TLS support values.
  5. After updating the file, save it and restart the server by using the command:

    sudo /opt/bitnami/ctlscript.sh restart apache


We hope this will help. Good luck!