error during enable TLSv1.3 in cPanel86
After update cPanel to v86 whe I try to enable TSLv1.3
I add in Apache Global Configuration:
TLSv1.2 TLSv1.3
(space separated)
But after this - only TLSv1.3 works !
It was checked olso via: SSL Server Test (Powered by Qualys SSL Labs)
It is probably bug in cPanel
I changed to:
All -SSLv3 -TLSv1 -TLSv1.1
and it works. But it is only walkaround
-
I have the same problem, can confirm that the posted workaround works. 0 -
You must specify what you're adding if you're adding more than one in this instance. I can confirm the following works: +TLSv1.2 +TLSv1.3
My output from SSL Labs when using this indicates the following:0 -
You must specify what you're adding if you're adding more than one in this instance. I can confirm the following works:
+TLSv1.2 +TLSv1.3
My output from SSL Labs when using this indicates the following: -33-41.png">63573
+TLSv1.2 +TLSv1.3
Works :) For Enable TLS 1.3 on Cpanel/WHM? Thanks0 -
Hi, Can you indicate where to activate and how Tls1.3 please? 0 -
Hello, For Apache WHM"s Global Configuration interface (Home >> WHM >> Service Configuration >> Apache Configuration >> Global Configuration). +TLSv1.2 +TLSv1.3
0 -
Hello, For Apache WHM"s Global Configuration interface (Home >> WHM >> Service Configuration >> Apache Configuration >> Global Configuration).
+TLSv1.2 +TLSv1.3
This is correct, thanks @ciao700 -
Hello, For Enable TLS 1.3 on Cpanel/WHM? always +TLSv1.2 +TLSv1.3 ? 0 -
that's right? 0 -
Change in +TLSv1.2 +TLSv1.3 0 -
Change in +TLSv1.2 +TLSv1.3
should this part be eliminated? ALL -SSLv3 -TLSv1 -TLSv1.10 -
Yes Only +TLSv1.2 +TLSv1.3 0 -
Yes Only +TLSv1.2 +TLSv1.3
Ok Thanks.. ALL -SSLv3 -TLSv1 -TLSv1.1 are these systems no longer used?0 -
They should not be used any longer, cPanel does not automatically support them either. 0 -
They should not be used any longer, cPanel does not automatically support them either.
For Enable TLS 1.3 on Cpanel/WHM? Service Configuration ---->cPanel Web Services Configuration always +TLSv1.2 +TLSv1.3 ? Thanks0 -
How about the other services for +TLSv1.2 +TLSv1.3 like the ones below cPanel Web Disk Configuration Currently set to SSLv23:!SSLv2:!SSLv3 cPanel Web Services Configuration Currently set to SSLv23:!SSLv2:!SSLv3 Mailserver Configuration SSL Minimum Protocol Currently set to TLSv1.2 Exim Configuration Manager ==> Security Currently set to +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 default How do you change those ones above to use +TLSv1.2 +TLSv1.3? 0 -
I would like to know this as well? How about the other services for +TLSv1.2 +TLSv1.3 like the ones below cPanel Web Disk Configuration Currently set to SSLv23:!SSLv2:!SSLv3 cPanel Web Services Configuration Currently set to SSLv23:!SSLv2:!SSLv3 Mailserver Configuration SSL Minimum Protocol Currently set to TLSv1.2 Exim Configuration Manager ==> Security Currently set to +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 default How do you change those ones above to use +TLSv1.2 +TLSv1.3?
0 -
No change in SSL Cipher Suite need to enable TLS 1.3? 0 -
I am using CENTOS 7.8 v88.0.11 and Easy Apache 4 and cannot get TLS v1.3 working using any of the above methods. Any idea why this doesn't work in 88? 0 -
Can you show me exactly what you've added and how you've determined it's not functioning? Also can you confirm you have the ea-openssl packages as follows: [root@server ~]# rpm -qa |grep ea-openssl1 ea-openssl11-1.1.1g-1.1.2.cpanel.x86_64 ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64
0 -
It is missing and the command to install it is yum -y install ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64
What did you set in WHM>>Service Configuration>>Apache Configuration -> Global Configuration -> SSL/TLS Protocols? Here is what I have and my results on the same server from Qualys+TLSv1.2 +TLSv1.3
0 -
Ok, I have the same protocols in my apache config. +TLSv1.2 +TLSv1.3 Before I run that installation line, will doing so force me to do anything, like re-install my ssl certs? I don't want any surprises and have sites go down. 0 -
Before I run that installation line, will doing so force me to do anything, like re-install my ssl certs? I don't want any surprises and have sites go down.
Nope, at least it didn't for me. It will restart apache though which should be unnoticeable.0 -
I ran: yum -y install ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64 and the install was successful: # rpm -qa |grep ea-openssl1 ea-openssl11-1.1.1g-1.1.2.cpanel.x86_64 ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64 and I restarted Apache and the Engintron plugin (I am running NGINX). Unfortunately the retest of my server at Qualys SSL Labs still does not show it working: TLS 1.3 No 0 -
Oh you didn't mention you were running Engintron's NGINX. This is probably a cached setting in NGINX. If you switch to Apache alone and run this once more does the issue persist? 0 -
So when I turn off Engintron my TLS 1.3 works fine: This server supports TLS 1.3. When I enable Engintron it does not work. I even tried uninstalling Engintron and re-installing it. If you have any ideas please let me know. 0 -
So when I turn off Engintron my TLS 1.3 works fine: This server supports TLS 1.3. When I enable Engintron it does not work. I even tried uninstalling Engintron and re-installing it. If you have any ideas please let me know.
I don't know, it might the best to ask engintron. The issue is that their software has been known to cause issues with cPanel.0 -
Would like to know this as well. How about the other services for +TLSv1.2 +TLSv1.3 like the ones below cPanel Web Disk Configuration Currently set to SSLv23:!SSLv2:!SSLv3 cPanel Web Services Configuration Currently set to SSLv23:!SSLv2:!SSLv3 Mailserver Configuration SSL Minimum Protocol Currently set to TLSv1.2 Exim Configuration Manager ==> Security Currently set to +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 default How do you change those ones above to use +TLSv1.2 +TLSv1.3?
0
Please sign in to leave a comment.
Comments
32 comments