Disable TLS 1.0 and 1.1

verdon

• May 29, 2020 12:52

Hi, I am trying to disable TLS 1.0 and 1.1. I have followed the direction at cPanel Web Services Configuration | cPanel & WHM Documentation and verified that I have SSLv23:!SSLv2:!TLSv1:!TLSv1_1 in the TLS/SSL Protocols field and the correct ciphers in the cipher field. This is on 2 servers. When doing a test/report at sslabs, it is still reporting that the server(s) still support TLS 1.0 and 1.1 Is there a step I've missed? Do I have to run EA and rebuild apache? Note: One of my servers is using apache and the other litespeed

• 

  Wallu

  • May 30, 2020 08:52

  Hi, WHM -> Service Configuration -> Apache Configuration -> Global Configuration ..all you need to do is to use the default 'SSL/TLS Protocols'. Should work as is. - Wallu

  0
• 

  Wallu

  • May 30, 2020 08:57

  Or, use: ALL -SSLv3 -TLSv1 -TLSv1.1 Edit: and restart service - Wallu

  0
• 

  verdon

  • May 31, 2020 11:33

  Thanks @Wallu, I had used WHM -> Service Configuration -> cPanel Webservices configuration, which configures just about everything else for TLS.

  0
• 

  cPanelLauren

  • June 01, 2020 05:46

  I have the default setting in my Apache Config and I can confirm it's sufficient, my output from SSL Labs shows the following:

  Protocols
  TLS 1.3	No
  TLS 1.2	Yes
  TLS 1.1	No
  TLS 1.0	No
  SSL 3	No
  SSL 2	No

  Normally I have the following: +TLSv1.2 +TLSv1.3 And can confirm with that it only allows TLSv1.2 and TLSv1.3

  0
• 

  nybbles

  • June 08, 2020 23:58

  I"m having same issue. I set it to the defaults and ssllabs is still saying 1.0 and 1.1 are enabled. Why?

  0
• 

  nybbles

  • June 09, 2020 14:49

  Update... cpanel tech support confirmed that it is working, and SSL Labs for some reason took forever to register the update... even though I asked it to scan again and cleared the cache.... problem solved.

  0

Please sign in to leave a comment.