Skip to main content

error during enable TLSv1.3 in cPanel86

Comments

32 comments

  • Spirit55555
    I have the same problem, can confirm that the posted workaround works.
    0
  • cPanelLauren
    You must specify what you're adding if you're adding more than one in this instance. I can confirm the following works: +TLSv1.2 +TLSv1.3
    My output from SSL Labs when using this indicates the following:
    0
  • ciao70
    You must specify what you're adding if you're adding more than one in this instance. I can confirm the following works: +TLSv1.2 +TLSv1.3
    My output from SSL Labs when using this indicates the following: -33-41.png">63573

    +TLSv1.2 +TLSv1.3
    Works :) For Enable TLS 1.3 on Cpanel/WHM? Thanks
    0
  • bonny3
    Hi, Can you indicate where to activate and how Tls1.3 please?
    0
  • ciao70
    Hello, For Apache WHM"s Global Configuration interface (Home >> WHM >> Service Configuration >> Apache Configuration >> Global Configuration). +TLSv1.2 +TLSv1.3
    0
  • cPanelLauren
    Hello, For Apache WHM"s Global Configuration interface (Home >> WHM >> Service Configuration >> Apache Configuration >> Global Configuration). +TLSv1.2 +TLSv1.3

    This is correct, thanks @ciao70
    0
  • ciao70
    Hello, For Enable TLS 1.3 on Cpanel/WHM? always +TLSv1.2 +TLSv1.3 ?
    0
  • bonny3
    that's right?
    0
  • ciao70
    Change in +TLSv1.2 +TLSv1.3
    0
  • bonny3
    Change in +TLSv1.2 +TLSv1.3

    should this part be eliminated? ALL -SSLv3 -TLSv1 -TLSv1.1
    0
  • ciao70
    Yes Only +TLSv1.2 +TLSv1.3
    0
  • bonny3
    Yes Only +TLSv1.2 +TLSv1.3

    Ok Thanks.. ALL -SSLv3 -TLSv1 -TLSv1.1 are these systems no longer used?
    0
  • ciao70
    I do not know :)
    0
  • cPanelLauren
    They should not be used any longer, cPanel does not automatically support them either.
    0
  • ciao70
    They should not be used any longer, cPanel does not automatically support them either.

    For Enable TLS 1.3 on Cpanel/WHM? Service Configuration ---->cPanel Web Services Configuration always +TLSv1.2 +TLSv1.3 ? Thanks
    0
  • vlee
    How about the other services for +TLSv1.2 +TLSv1.3 like the ones below cPanel Web Disk Configuration Currently set to SSLv23:!SSLv2:!SSLv3 cPanel Web Services Configuration Currently set to SSLv23:!SSLv2:!SSLv3 Mailserver Configuration SSL Minimum Protocol Currently set to TLSv1.2 Exim Configuration Manager ==> Security Currently set to +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 default How do you change those ones above to use +TLSv1.2 +TLSv1.3?
    0
  • PbG
    I would like to know this as well?
    How about the other services for +TLSv1.2 +TLSv1.3 like the ones below cPanel Web Disk Configuration Currently set to SSLv23:!SSLv2:!SSLv3 cPanel Web Services Configuration Currently set to SSLv23:!SSLv2:!SSLv3 Mailserver Configuration SSL Minimum Protocol Currently set to TLSv1.2 Exim Configuration Manager ==> Security Currently set to +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 default How do you change those ones above to use +TLSv1.2 +TLSv1.3?

    0
  • cPanelLauren
    The OpenSSL package that was released was for EasyApache
    0
  • yaashul
    No change in SSL Cipher Suite need to enable TLS 1.3?
    0
  • celiac101
    I am using CENTOS 7.8 v88.0.11 and Easy Apache 4 and cannot get TLS v1.3 working using any of the above methods. Any idea why this doesn't work in 88?
    0
  • cPanelLauren
    Can you show me exactly what you've added and how you've determined it's not functioning? Also can you confirm you have the ea-openssl packages as follows: [root@server ~]# rpm -qa |grep ea-openssl1 ea-openssl11-1.1.1g-1.1.2.cpanel.x86_64 ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64
    0
  • celiac101
    When I run that command it shows this: ea-openssl11-1.1.1g-1.1.2.cpanel.x86_64 And I determined it was not working via running my site at:
    0
  • cPanelLauren
    It is missing and the command to install it is yum -y install ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64
    What did you set in WHM>>Service Configuration>>Apache Configuration -> Global Configuration -> SSL/TLS Protocols? Here is what I have and my results on the same server from Qualys +TLSv1.2 +TLSv1.3
    0
  • celiac101
    Ok, I have the same protocols in my apache config. +TLSv1.2 +TLSv1.3 Before I run that installation line, will doing so force me to do anything, like re-install my ssl certs? I don't want any surprises and have sites go down.
    0
  • cPanelLauren
    Before I run that installation line, will doing so force me to do anything, like re-install my ssl certs? I don't want any surprises and have sites go down.

    Nope, at least it didn't for me. It will restart apache though which should be unnoticeable.
    0
  • celiac101
    I ran: yum -y install ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64 and the install was successful: # rpm -qa |grep ea-openssl1 ea-openssl11-1.1.1g-1.1.2.cpanel.x86_64 ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64 and I restarted Apache and the Engintron plugin (I am running NGINX). Unfortunately the retest of my server at Qualys SSL Labs still does not show it working:
    TLS 1.3 No
    0
  • cPanelLauren
    Oh you didn't mention you were running Engintron's NGINX. This is probably a cached setting in NGINX. If you switch to Apache alone and run this once more does the issue persist?
    0
  • celiac101
    So when I turn off Engintron my TLS 1.3 works fine: This server supports TLS 1.3. When I enable Engintron it does not work. I even tried uninstalling Engintron and re-installing it. If you have any ideas please let me know.
    0
  • cPanelLauren
    So when I turn off Engintron my TLS 1.3 works fine: This server supports TLS 1.3. When I enable Engintron it does not work. I even tried uninstalling Engintron and re-installing it. If you have any ideas please let me know.

    I don't know, it might the best to ask engintron. The issue is that their software has been known to cause issues with cPanel.
    0
  • Duplika
    Would like to know this as well.
    How about the other services for +TLSv1.2 +TLSv1.3 like the ones below cPanel Web Disk Configuration Currently set to SSLv23:!SSLv2:!SSLv3 cPanel Web Services Configuration Currently set to SSLv23:!SSLv2:!SSLv3 Mailserver Configuration SSL Minimum Protocol Currently set to TLSv1.2 Exim Configuration Manager ==> Security Currently set to +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 default How do you change those ones above to use +TLSv1.2 +TLSv1.3?

    0

Please sign in to leave a comment.