Tags: openssl, ssl-certificate, httpd.conf, tls1.2, pci-compliance

Disabling TLS 1.0 to be PCI compliant


I was examining my httpd.conf file and in the old server, I had this and I was PCI compliant:

SSLProtocol -All +TLSv1.2

In the new server, I have this and I just received a scan compliance notification informing me that I am not PCI compliant:

SSLProtocol TLSv1.2

I see that in the old server I had -All. Does it mean that if I only have SSLProtocol TLSv1.2, I am allowing TLS 1.0 connections just by not disabling it explicitly?

UPDATE 1: Never mind, I do not require an answer anymore; it was all a confusion with the scan report referring to a wrong IP address, not the one that I needed to evaluate.


Solution

  • Yvette Colomb (https://stackoverflow.com/users/3956566/yvette-colomb) deleted my answer, stating this:

    Please don't post identical answers to multiple questions. Instead, tailor the answer to the question asked. If the questions are exact duplicates of each other, please vote/flag to close instead.

    So I am going to rephrase it: Never mind, I do not require an answer anymore; it was all a confusion with the scan report referring to a wrong IP address, not the one that I needed to evaluate.