Skip to main content

tsl 1.2 - Disable?

Amiga500

Hi,

Can you disable TSL 1.2 in cPanel for a particular customer/domain?  We have a customer who's older phone system cannot send email in that format.

Thank you.

Comments

3 comments

Date Votes
  • cPRex Jurassic Moderator

    Hey there!  There isn't a way to do that - since the protocols are handled at the service level there wouldn't be a way to disable that for just one user account. 

    0
  • Amiga500

    Hi,

    I was provided with these instructions.... Does this look valid/legit? If not, delete the comment.....

    "Below I provided a code that includes 'example.com' in place of the domain name in question.

    Here are the Steps to Enable TLS 1.1 for a Specific Domain in WHM


    1. Log into WHM: Use your root or administrative credentials to log in.


    2. Edit Apache Configuration:

    Navigate to "Service Configuration" in the left sidebar.
    Click on "Apache Configuration".
    Then go to "Include Editor".


    3. Add Custom Virtual Host Configuration:

    You can add custom configurations for specific domains in the appropriate sections of the Include Editor.


    You would typically add a custom VirtualHost directive for the specific domain. Here’s an example configuration:

    <VirtualHost *:443>


    bmr.suspension.vps example.com
    SSLEngine on
    SSLCertificateFile /path/to/example.com.crt
    SSLCertificateKeyFile /path/to/example.com.key
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1.2 -TLSv1.3 +TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
    </VirtualHost>

    This configuration disables TLS 1.2 and 1.3 while enabling TLS 1.1 for the specified domain (example.com).

    4.Add to the Global Configuration:
    If your server has a global SSL configuration (like in ssl.conf), ensure that it doesn't override your custom settings. It might look like this:

    SSLProtocol all -SSLv2 -SSLv3 -TLSv1.2 -TLSv1.3

    5. Restart Apache:
    After making your changes, you need to restart the Apache server for them to take effect. You can do this through WHM under "Restart Services" > "HTTP Server (Apache)".

    6. Testing:
    After restarting, you should test the configuration to ensure that TLS 1.1 is enabled for the specific domain. You can use tools like SSL Labs' SSL Test or similar.

    Important Considerations
    Security Risks: Be aware that enabling TLS 1.1 can expose your server to security vulnerabilities, as it is considered outdated. It's generally recommended to use the latest versions of TLS unless absolutely necessary.

    Compatibility: Ensure that enabling TLS 1.1 is necessary for your applications or clients, as most modern browsers and clients have deprecated support for this protocol.

    Backup: Always back up your configuration files before making changes."

    0
  • cPRex Jurassic Moderator

    That is the correct way to add an include, but I'm not sure if that setting will override the server default.  I'd try it and find out!

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post