tomato42
commented
2 years ago "Supports..." line specifies the oldest versions that this configuration will work with. OpenSSL 3.0.0 does not add any new algorithms on TLS level.
Closed BillGoldstein closed 2 years ago
tomato42
commented
2 years ago "Supports..." line specifies the oldest versions that this configuration will work with. OpenSSL 3.0.0 does not add any new algorithms on TLS level.
april
commented
2 years ago Indeed, it indicates the oldest version supported, not the newest version supported. All three configurations should always work with the newest versions of software.
Add support for OpenSSL 3.0.0
https://ssl-config.mozilla.org/#server=apache&version=2.4.48&config=modern&openssl=3.0.0&guideline=5.6 gives:
apache 2.4.48, modern config, OpenSSL 3.0.0 Supports Firefox 63, Android 10.0, Chrome 70, Edge 75, Java 11, OpenSSL 1.1.1, Opera 57, and Safari 12.1
FYI: Looks like Apache 2.4.49 will also add a new directive: "Add StrictHostCheck to allow unconfigured hostnames to be rejected." which may be appropriate for modern configurations.