How to disable TLS 1.0 and 1.1 on Linux systems at OS level?

Arunprasad K 45 Reputation points
2025-02-19T08:35:16.8+00:00

Hi,

I would like to know how to disable TLS versions 1.0 and 1.1 at the OS level in Linux systems. My goal is to prevent any applications and databases running on those systems from using them. In Windows, I can directly modify the registry at "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols" and add a key to disable them by default. This is straightforward for me. However, every time I search Google about disabling TLS 1.0 and 1.1 in Linux, I find instructions on how to disable them in Nginx and Apache.

Is there any way we can disable them at the OS level? Please let me know what can be done.

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.

1 answer

  1. Suresh Estharakula 0 Reputation points Microsoft Vendor
    2025-02-19T15:31:12.8966667+00:00

    Hi Arunprasad K,

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    • To disable TLS 1.0 and 1.1, you will need to edit the configuration file containing the SSLProtocol directive for your server. This file may be located in different places depending on your platform, version, or other installations.
    • Ensure your Linux distribution is up to date before making these changes.

    Open SSL/TLS Configuration File:

    • The location of the SSL/TLS configuration file depends on your operating system.
    • Just look for the path included and change accordingly
        Ubuntu/Debian: /etc/apache2/mods-available/ssl.conf
        CentOS/RHEL: /etc/httpd/conf.d/ssl.conf
      
    • Use a text editor with administrative privileges to open the configuration file.
    • Look for the SSLProtocol directive in the configuration file. This directive specifies the allowed SSL/TLS protocol versions.
    • Update the SSLProtocol directive to disable TLS 1.0 and TLS 1.1, and only allow TLS 1.2 and TLS 1.3. Add or modify the line to look like this: SSLProtocol TLSv1.2
    • Save your changes to the configuration file. After making the changes, restart the server to apply the new configuration.
        sudo systemctl restart apache2   # For Ubuntu/Debian
        sudo systemctl restart httpd     # For CentOS/RHEL
      

    If you found it helpful, could you kindly click the “Accept Answer and upvote” on the post.

    If you have any further queries, please let us know; we are glad to help you.

    Thank you.
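
A check for the SSLProtocol edit described in the answer above, as an added example that is not part of the original answer or of Apache's own tooling: it evaluates each SSLProtocol line with mod_ssl's token rules and reports any that still enable TLSv1 or TLSv1.1. The function names and the sample file are constructed for illustration.

```shell
# Added example: flag Apache SSLProtocol lines that still permit TLS 1.0/1.1.
LC_ALL=C; export LC_ALL
# Map a protocol token to canonical names (mod_ssl ignores case).
canon() {
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        all) echo "SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3" ;;
        sslv3) echo SSLv3 ;; tlsv1) echo TLSv1 ;; tlsv1.1) echo TLSv1.1 ;;
        tlsv1.2) echo TLSv1.2 ;; tlsv1.3) echo TLSv1.3 ;;
    esac
}

# Evaluate SSLProtocol arguments as mod_ssl does: "+X" adds, "-X" removes,
# and a bare X replaces everything set so far. Prints the enabled set.
effective_protocols() {
    ep_set=""
    for ep_tok in "$@"; do
        ep_names=$(canon "${ep_tok#[+-]}")
        case $ep_tok in
            -*) for ep_n in $ep_names; do
                    ep_set=$(printf '%s\n' $ep_set | grep -vxF -- "$ep_n" | tr '\n' ' ')
                done ;;
            +*) ep_set="$ep_set $ep_names" ;;
            *)  ep_set=$ep_names ;;
        esac
    done
    printf '%s\n' $ep_set | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Print file:line for each SSLProtocol directive that leaves TLSv1 or TLSv1.1
# enabled; return 1 if any is found, 0 otherwise. Commented lines are skipped.
audit_ssl_conf() {
    au_file=$1 au_bad=0 au_ln=0
    while IFS= read -r au_line || [ -n "$au_line" ]; do
        au_ln=$((au_ln + 1))
        set -f; set -- $au_line; set +f
        [ "$(printf '%s' "${1:-}" | tr 'A-Z' 'a-z')" = sslprotocol ] || continue
        shift
        case " $(effective_protocols "$@") " in
            *" TLSv1 "*|*" TLSv1.1 "*)
                echo "$au_file:$au_ln: SSLProtocol $* -> $(effective_protocols "$@")"; au_bad=1 ;;
        esac
    done < "$au_file"
    return "$au_bad"
}

# Constructed sample input: one weak directive, one as given in the answer.
sample=$(mktemp)
printf '%s\n' 'SSLProtocol all -SSLv3' 'SSLProtocol TLSv1.2' > "$sample"
audit_ssl_conf "$sample" || echo "legacy TLS still enabled"
rm -f "$sample"
```

Point `audit_ssl_conf` at `/etc/apache2/mods-available/ssl.conf` or `/etc/httpd/conf.d/ssl.conf` before restarting the server. It inspects only explicit SSLProtocol lines in the file given, not built-in defaults or included files.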
