We are currently experiencing a higher than usual ticket volume, and as a result there may be delays before we can reply to your ticket.
Please feel free to reference the information available in our Forums, Documentation, and Knowledge Base in the meantime.

Skip to main content

TLS 1.3 is not available in Dovecot/Exim/cpsrvd

Steven Sublett
  • Updated

Question

1. It could be safe to replace Dovecot/Exim with versions that include OpenSSL 1.1.1i statically compiled?
2. Is there any plan/ETA to add TLS 1.3 to every service?

 

Answer

cPanel added support for TLS 1.3 in version 86. Utilizing TLS 1.3 for services requires that the OpenSSL version is greater than 1.1.x. For example, Centos 7 servers use an older OpenSSL, which doesn't support TLS 1.3. Most of cPanel's services like Exim, Dovecot, and cpsrvd are linked to the OpenSSL version provided by the operating system.

 

Until the Operating system supports TLS 1.3, the highest TLS that can be used for these services is TLS 1.2. If TLS 1.3 is required for all services, it may be best to migrate to AlmaLinux/CloudLinux 8 servers. These servers support OpenSSL TLS 1.3 by default, which would address the concern.

 

Please do not try upgrading the OpenSSL manually, as this can cause a lot of issues. It is best to migrate to a system that already supports the required OpenSSL version or wait until the OpenSSL version is backported.

Related articles

Comments

0 comments

Article is closed for comments.