can not disable TLSv1 and TLSv1.2
Hi,
I'm trying to disable TLSv1 and TLSv1.1. I have set SSL/TLS Protocols to TLSv1.2 in Apache config -> Global config, but some sites (all except one or two) are still using TLSv1.
I have set the SSL Cipher Suite to ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS as setting the default option causes an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error when loading the site.
I have tried setting SSLProtocol TLSv1.2 in Apache Configuration > Include Editor > Pre VirtualHost and to the /etc/apache2/conf.d/userdata/ssl/2_4///includename.conf, but I still have the same problem.
I'm running CloudLinux version 7.7 and cPanel v84.0.22.
On that version, you can just set it to the cPanel defaults and it will only enable 1.2, so you should be good doing it that way.
As noted by @GOT, the defaults will only enable TLSv1.2, so just selecting default will do this.
I have the default set for SSL/TLS Protocols, but most sites still come up as TLSv1. If I set the default for SSL Cipher Suite, when I go to the sites I get an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
I have the default set for SSL/TLS Protocols, but most sites still come up as TLSv1. If I set the default for SSL Cipher Suite, when I go to the sites I get an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
You mentioned you'd added some Apache includes; did you remove those? Also, when you set these, did you happen to update cagefs for the users?
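The last reply asks whether earlier Apache includes are still in place. As an added example (not part of the thread and not cPanel's own code), this Python script scans Apache config text for `SSLProtocol` lines that still enable SSLv3, TLSv1 or TLSv1.1. The file names and contents in `SAMPLE` are constructed, and treating a bare protocol token as enabling is an assumption.

```python
import re

# Protocol names the SSLProtocol directive accepts; "all" is expanded to this set here.
KNOWN = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}
# Matches "SSLProtocol <args>" but not SSLProxyProtocol or commented-out lines.
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right and return the enabled set.
    Assumption (simplified model): a bare token is handled like '+token', which
    can over-report but never hides an enabled legacy protocol."""
    enabled = set()
    for tok in args.split():
        remove = tok.startswith("-")
        name = tok.lstrip("+-").lower()
        # Unknown tokens (for example SSLv2) expand to nothing and are ignored.
        names = KNOWN if name == "all" else [p for p in KNOWN if p.lower() == name]
        for p in names:
            (enabled.discard if remove else enabled.add)(p)
    return enabled

def audit(files):
    """files maps path -> config text. Returns (path, line_no, args, legacy)
    for every SSLProtocol line that still enables a legacy protocol."""
    findings = []
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            m = DIRECTIVE.match(line)
            if m:
                legacy = sorted(effective_protocols(m.group(1)) & LEGACY)
                if legacy:
                    findings.append((path, no, m.group(1), legacy))
    return findings

# Constructed sample input: paths and contents are made up for illustration.
SAMPLE = {
    "pre_virtualhost_global.conf": "SSLProtocol TLSv1.2\n",
    "userdata/ssl/2_4/exampleuser/example.test/legacy.conf":
        "# old override\nSSLProtocol all -SSLv3\n",
    "userdata/ssl/2_4/exampleuser/shop.example.test/tls.conf":
        "  SSLProtocol -all +TLSv1.2 +TLSv1.3\n",
}

if __name__ == "__main__":
    for path, no, args, legacy in audit(SAMPLE):
        print(f"{path}:{no}: SSLProtocol {args} -> enables {', '.join(legacy)}")
```

To run it against a real server, build the `files` dictionary by reading the include files under the Apache config directory instead of using `SAMPLE`.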