Apache:
Strong Ciphers
To only allow strong ciphers on your website, add the following at the end of your VirtualHost config:
SSLCipherSuite HIGH:!aNULL:!MD5
Disable insecure SSL/TLS
To disable SSL entirely, and disable TLS 1.0 and 1.1, add the following to the end of your VirtualHost config:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
Apache and Let’s Encrypt:
Two bits of information that might help future readers:
1) You can test if the change worked in the terminal with
openssl s_client -connect wiki.maikelbosters.nl:443 -tls1
SSLLabs is good but takes too long.
2) If you have Let’s Encrypt, you need to edit:
/etc/letsencrypt/options-ssl-apache.conf