To deactivate TLS 1.0 and 1.1 in Apache

Modify the configuration file that contains the SSLProtocol directive for your website. The location of this file may vary based on your platform, version, or installation specifics. Potential locations include:

• /usr/local/apache2/conf/extra/httpd-ssl.conf (default Apache installation)
• /etc/apache2/mods-enabled/ssl.conf (Ubuntu/Debian)
• /private/etc/apache2/extra/httpd-ssl.conf (macOS)

Once you've identified the appropriate configuration file, search for a line starting with SSLProtocol. In this illustration, derived from a default macOS Apache setup, SSLv3 is disabled using the - operator, but TLS 1.0 and 1.1 are enabled:

SSLProtocol all -SSLv3

To disable all outdated versions of SSL/TLS supported by Apache, specify them as follows:

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

The above configuration enables TLS 1.2, and if available in your environment, TLS 1.3 as well.