cPanel Web Services Configuration - Elaborate

eitanc

• May 31, 2020 03:41

Hello, I use cpanel 88.0.5 and I wish to understand better how to correctly edit the SSL - TLS protocols list, since the matching support article is not very detailed...

• 

  quietFinn

  • May 31, 2020 16:43

  If you are looking for the SSL/TLS Protocols Apache uses they are in WHM -> Service Configuration -> Apache Configuration -> Global Configuration

  0
• 

  eitanc

  • May 31, 2020 16:55

  I am not sure. Currently I refer to the web server that WHM uses.

  0
• 

  cPanelLauren

  • June 01, 2020 07:09

  What are you attempting to change the protocols for and where are you looking to see the current protocols in place as they're listed in a few different places for different items.

  0
• 

  eitanc

  • June 01, 2020 09:07

  Sorry, I don't understand you reply. Currently I just wish to understand this specific field's syntax to correctly change allow or block the use of SSL/TLS protocols and their versions.

  0
• 

  cPanelLauren

  • June 01, 2020 19:24

  For which service are you wanting to change it for though? Apache? Dovecot? Exim?

  0
• 

  eitanc

  • June 01, 2020 20:20

  For the services referred to by the link I provided in the first post.

  0
• 

  cPanelLauren

  • June 01, 2020 22:19

  So you just want to change this for cPanel & WHM? To explain this fully TLSv1.2 is the default protocol, your list is the default: !SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1
  This says don't use these protocols - TLSv1.2 does not need to be added here to be used. If you're unsure of what to modify you should leave this as the default which for all things right now is TLSv1.2 unless you're changing it for Apache only which can use TLSv1.3 which is why I asked what specifically you wanted to change it for. Furthermore, why are you wanting to change it and what is it that you'd like to change it to?

  0
• 

  eitanc

  • June 02, 2020 08:54

  When I asked, I didn't want to change anything. My goal was to allow only TLS 1.2 and I did not see it in this string of values - so I posted this here. Now, the current string is not explicitly mentioning TLS 1.2, it is only stating what is not allowed, so theoretically it can also allow TLS 1.3 and future TLS 1.x. Is there a way to explicitly mention the allowed protocols and rest, un-mentioned protocols, will be disabled?

  0
• 

  cPanelLauren

  • June 04, 2020 14:43

  You're only allowing TLSv1.2 based on this right now and if you want to or need to add protocols you'd just add them to that list with a + like the following: +tlsv1_3
  

  0
• 

  eitanc

  • June 04, 2020 16:04

  Oh, I see. So the "!" sign means "disable" and the "+" sign means enable. Cool, thank you very much!

  0

Please sign in to leave a comment.