Enabling TLSv1 and TLSv1.1

Jeet

• August 06, 2020 10:08

Hello, I recently moved my site to a new server after 4 years. Both old and new servers are running on Centos7 / WHMv88. However, it seems that the new server currently only supports TLSv1.2 and TLSv1.3. I have a legacy Windows app which needs to be connected to the site which has TLSv1 hardcoded in the connection settings. I know this may be less desirable, but I really want my site to support TLSv1 and TLSv1.1 until the windows application is updated. I have added the following to the SSL/TLS protocols in WHM. All -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 However, SSLlabs still shows as the site doesn't support TLSv1 or TLSv1.1. TLS 1.3 Yes TLS 1.2 Yes TLS 1.1 No TLS 1.0 No SSL 3 No SSL 2 No This is the same setting I have in my old server which supports TLSv1 and TLSv1.1 Any help to enable TLSv1 and TLSv1.1 on the new server would be highly appreciated. Thanks,

• 

  cPAdminsMichael

  • August 06, 2020 17:53

  Replacing with +TLSv1 +TLSv1.1 +TLSv1.2 +TLSv1.3
  should work :-)

  -1
• 

  Jeet

  • August 06, 2020 18:03

  Hi Michael, thanks for the reply. However, it still doesn't work. :( Ssllabs still shows the following and the app is not able to connect. TLS 1.3 Yes TLS 1.2 Yes TLS 1.1 No TLS 1.0 No SSL 3 No SSL 2 No

  0
• 

  cPAdminsMichael

  • August 06, 2020 18:06

  Hmm - and this is a basic cPanel setup with Apache? Or do you use NGINX, LiteSpeed or have anything (proxy, Cloudflare, etc.) in front?

  0
• 

  Jeet

  • August 06, 2020 18:19

  Apache only. Only differences between the old and new servers are one is running Centos 7.7/PHP 5.6 whereas the other one Centos 7.8/PHP 7.3. Strangely, TLSv1 and TLSv1.1 works in the old server.

  0
• 

  cPAdminsMichael

  • August 06, 2020 18:45

  Ah... yes of course. You'd need to change also the SSL Ciphers. Sorry, haven't done TLS1 for a long time :-) You can read more here:

  -1
• 

  Jeet

  • August 06, 2020 19:19

  Thanks a lot! That did the trick. :-D

  0
• 

  cPAdminsMichael

  • August 06, 2020 19:24

  Great! ... and I probably don't have to mention that this also downgrades the cipher for the other TLS protocols, right? ;-) (As you can probably see in SSLLabs.com) I'd recommend migrating the old/legacy app off to an isolated server.

  0
• 

  Jeet

  • August 06, 2020 19:30

  Indeed. Was happy to see a "B" instead of "A". :-p Yes, we need to work on migrating the app. Though didn't realize it before moving the site. So this was required as a temp solution. Thanks again for your help.

  0
• 

  cPanelLauren

  • August 06, 2020 21:52

  Glad to see you were able to get this resolved and I am even happier to see that this is just going to be a temp fix. Thanks!

  0
• 

  Prakash00070

  • August 23, 2021 09:40

  Ah... yes of course. You'd need to change also the SSL Ciphers. Sorry, haven't done TLS1 for a long time :) You can read more here:

  0
• 

  cPAdminsMichael

  • August 23, 2021 13:45

  Yeah - I can see that it's not working anylonger... hmm.. Maybe you can use this link as guidance which cipher suite to have with your setup:

  0
• 

  cPRex Jurassic Moderator

  • August 23, 2021 16:07

  We combined that page into a more general page here: How to Update Ciphers and TLS Protocols | cPanel & WHM Documentation

  0

Please sign in to leave a comment.