Richard G
Verified User
I would like to ask if it's not better to disable TLSv1.0 in Apache by default?
Because The Payment Card Industry Security Standards Council (PCI SSC) has set june 30th as the deadline for this TLS version.
https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls
I know I can disable it by using a custom http-ssl.conf but if well-known standards are not using it anymore, wouldn't it be better to disable it by default?
This prevents the need of the custom file.
Same goes for SSL 1.0 but that was already disabled earlier if I'm not mistaken.
Because The Payment Card Industry Security Standards Council (PCI SSC) has set june 30th as the deadline for this TLS version.
https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls
I know I can disable it by using a custom http-ssl.conf but if well-known standards are not using it anymore, wouldn't it be better to disable it by default?
This prevents the need of the custom file.
Same goes for SSL 1.0 but that was already disabled earlier if I'm not mistaken.