Skip to main content
OCLC Support

How do I turn off TLS 1.0 and TLS 1.1 protocols in EZproxy

  1. Last updated
  2. Save as PDF
Symptom
  • EZproxy is allowing SSL protocols that you do not want it to allow
Applies to
  • EZproxy version 6.1.13 and newer
Resolution
  1.  Add the OpenSSL command below before the LoginPortSSL directive in the config.txt to only allow TLS 1.2 protocols to be used with EZproxy

  2. SSLOpenSSLConfCmd Protocol TLSv1.2

  3. SSLOpenSSLConfCmd Protocol -TLSv1, -TLSv1.1 can be used if the first version does not work.

Additional information

This command SSLOpenSSLConfCmd Protocol  can also be used as a negative(-) to remove specific protocols from being allowed.  SSLOpenSSLConfCmd Protocol -TLSv1 is an example to stop EZproxy from accepting TLS 1 protocols.

Page ID
25818