TLS Version 1.1 Protocol Deprecated in CISA scans.
I'm running cent os 7.9 with whm and using litespeed server.
where do I change this setting to disable older tls?
all online documentation is not helping me find the real setting.
- Service Configuration /
- Global Configuration
- all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
-
root@mac.machelpnashville.com [~]# rpm -qa | grep openssl- cpanel-perl-536-crypt-openssl-bignum-0.09-1.cp108~el7.x86_64 cpanel-perl-536-crypt-openssl-dsa-0.20-1.cp108~el7.x86_64 openssl-libs-1.0.2k-26.el7_9.x86_64 cpanel-perl-536-crypt-openssl-x509-1.914-1.cp108~el7.x86_64 ea-ruby27-rubygem-openssl-27.2.7.8.2.1.4-1.15.4.cpanel.x86_64 cpanel-perl-536-crypt-openssl-ec-1.32-1.cp108~el7.x86_64 openssl-devel-1.0.2k-26.el7_9.x86_64 cpanel-perl-536-crypt-openssl-random-0.15-1.cp108~el7.x86_64 openssl-1.0.2k-26.el7_9.x86_64 alt-openssl-libs-1.0.2k-2.el7.cloudlinux.10.x86_64 cpanel-perl-536-crypt-openssl-rsa-0.33-1.cp108~el7.x86_64 root@mac.machelpnashville.com [~]# cat /etc/redhat-release CentOS Linux release 7.9.2009 (Core) root@mac.machelpnashville.com [~]# 0 -
Interesting - so even after you adjust the values in WHM, they are getting reset to the defaults? If so, can you let me know *exactly* what change you're making and where so I can test this? 0 -
Litespeed says: When you set SSL/TLS Protocols to ALL -SSLv3 -TLSv1 -TLSv1.1 you are really saying, "use all available protocols, except SSLv3, TLSv1, and TLSv1.1." when I do that, and then press save, it says: For your changes to take effect, the Apache configuration must be rebuilt and Apache restarted. so I press the button to restart and save and then it shows this line: all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2 which is not what I typed. and the server still fails the scan from CISA and I get the TLS Version 1.1 Protocol Deprecated. 0 -
the server also still fails when I use nessus to scan the server. (which is what CISA uses) 0 -
As a test, could you try running this command to see if there are any issues with the Apache configuration itself? /scripts/rebuildhttpdconf If things are working normally, you should get this output: "Built /etc/apache2/conf/httpd.conf OK" 0 -
yep, root@mac.machelpnashville.com [~]# /scripts/rebuildhttpdconf Built /etc/apache2/conf/httpd.conf OK I have hired Litespeed support and many others to attempt to fix this... 0 -
Could you please submit a support ticket to us? 0
Please sign in to leave a comment.
Comments
9 comments