I know you can set the protocol/cipher via your web server:
Nginx:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; Apache:
SSLProtocol all -SSLv2 SSLCipherSuite HIGH:!aNULL:!MD5 But my question is can a SSL Certificate be created to only work with certain protocols?
And can a certificate be created to only work with certain ciphers?
.. to only work with certain protocols? .. to only work with certain ciphers?
Certificates are mostly protocol independent.
But there is a slight correlation between certificate and cipher: one part of the cipher specifies the authentication algorithm and the possible algorithms depend on the kind of certificate. This means that you cannot use a RSA certificate with a *_ECDSA_* cipher and no ECDSA certificate with RSA key exchange. There are also ECDH (not ECDHE) and DH (not DHE) ciphers which require specific information in the certificate. But the choice of symmetric encryption (i.e. AES, RC4...) and the HMAC is independent from the certificate.
Which means the type of certificate limits which ciphers can be used but you cannot restrict the possible ciphers or protocols directly with some information in the certificate.
It would help if you think of the certificate based authentication or identify verification, separate from the integrity exchange, where the SSL ciphers really come in.
The certificate is only good for verifying the server "X" is really "X" and not "x".
The ciphers are, instead, used to provide a mechanism where you establish the symmetric key for data exchange. As you would guess, this phase would happen once the server authencity has been established.
-SSLv3. In addition to the answer (and my comment) below, nothing in the cert can control which SSL/TLS versions; however, an X.509 cert can and usually does use the ExtendedKeyUsage extension (EKU) to limit to SSL/TLS and not email (S/MIME) or vice versa, which is a 'certain' protocol but likely not the 'certain' protocol you wanted.