Skip to main content

TLS Version 1.1 Protocol Deprecated in CISA scans.

Comments

9 comments

  • MacHelpNashville
    root@mac.machelpnashville.com [~]# rpm -qa | grep openssl- cpanel-perl-536-crypt-openssl-bignum-0.09-1.cp108~el7.x86_64 cpanel-perl-536-crypt-openssl-dsa-0.20-1.cp108~el7.x86_64 openssl-libs-1.0.2k-26.el7_9.x86_64 cpanel-perl-536-crypt-openssl-x509-1.914-1.cp108~el7.x86_64 ea-ruby27-rubygem-openssl-27.2.7.8.2.1.4-1.15.4.cpanel.x86_64 cpanel-perl-536-crypt-openssl-ec-1.32-1.cp108~el7.x86_64 openssl-devel-1.0.2k-26.el7_9.x86_64 cpanel-perl-536-crypt-openssl-random-0.15-1.cp108~el7.x86_64 openssl-1.0.2k-26.el7_9.x86_64 alt-openssl-libs-1.0.2k-2.el7.cloudlinux.10.x86_64 cpanel-perl-536-crypt-openssl-rsa-0.33-1.cp108~el7.x86_64 root@mac.machelpnashville.com [~]# cat /etc/redhat-release CentOS Linux release 7.9.2009 (Core) root@mac.machelpnashville.com [~]#
    0
  • cPanelWilliam
    Hello, According to Litespeed's documentation, you should be able to adjust these settings via WHM > Apache Configuration > Global Configuration:
    0
  • MacHelpNashville
    Hello, According to Litespeed's documentation, you should be able to adjust these settings via WHM > Apache Configuration > Global Configuration:
    0
  • cPRex Jurassic Moderator
    Interesting - so even after you adjust the values in WHM, they are getting reset to the defaults? If so, can you let me know *exactly* what change you're making and where so I can test this?
    0
  • MacHelpNashville
    Litespeed says: When you set SSL/TLS Protocols to ALL -SSLv3 -TLSv1 -TLSv1.1 you are really saying, "use all available protocols, except SSLv3, TLSv1, and TLSv1.1." when I do that, and then press save, it says: For your changes to take effect, the Apache configuration must be rebuilt and Apache restarted. so I press the button to restart and save and then it shows this line: all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2 which is not what I typed. and the server still fails the scan from CISA and I get the TLS Version 1.1 Protocol Deprecated.
    0
  • MacHelpNashville
    the server also still fails when I use nessus to scan the server. (which is what CISA uses)
    0
  • cPRex Jurassic Moderator
    As a test, could you try running this command to see if there are any issues with the Apache configuration itself? /scripts/rebuildhttpdconf If things are working normally, you should get this output: "Built /etc/apache2/conf/httpd.conf OK"
    0
  • MacHelpNashville
    yep, root@mac.machelpnashville.com [~]# /scripts/rebuildhttpdconf Built /etc/apache2/conf/httpd.conf OK I have hired Litespeed support and many others to attempt to fix this...
    0
  • cPRex Jurassic Moderator
    Could you please submit a support ticket to us?
    0

Please sign in to leave a comment.