Auto SSL supported devices and web browser versions
I performed an SSL scan using Qualys SSL Labs for the cpanel.net website and my own website, which uses cPanel AutoSSL (Let's Encrypt). Based on the results, I noticed that my website does not support some older web browser versions, whereas the cpanel.net website supports all versions.
Could this issue be related to the Cipher Suite settings? If so, could you recommend the best Cipher Suite to ensure compatibility with all versions?
Currently, I am using the default Cipher Suite settings provided by cPanel.
-
If your website does NOT have dedicated IP it could be because of SNI.
https://docs.cpanel.net/knowledge-base/security/guide-to-ssl/#sni-support
0 -
My VPS has dedicated IP
0 -
cPRex can you please suggest me a solution
0 -
Go to WHM -> SSL/TLS -> Manage SSL Hosts
there is a column "Is SNI Required?"
Is it Yes or No for your website?0 -
It shows No
Is it due to use of same IP address for 3 websites?
0 -
Hey there! I can't say for sure what is happening on the cPanel website, but I can confirm that my personal sites I tested that use AutoSSL show the same warnings as your results, so I don't believe there is anything here that is not working as intended.
All of the items that are showing up red here are older browsers that are no longer supported even by their operating system vendor. For example, Safari 8 was released in 2014, and we're now on version 18.
I'm assuming we have some custom tools to gain that support, but it likely isn't worth the risk to most normal customers. If you scan Google you'll see they have TLS 1.0 enabled to provide support for some of those browsers, but I wouldn't recommend doing that on a "normal" machine.
You can find some additional details here:
0 -
Thank you for the clarificatiom. Now I know it's a normal state.
Additionally when I saw this report at very first, I asked it from ChatGPT and it said me to install mod_ssl for Apache, so I did that.
May I uninstall / remove mod_ssl as it's not relevant to this?
0 -
I wouldn't recommend installing or adjusting anything related to SSL packages on the system. EasyApache already includes the mod_ssl package through our own system, which you can see here:
# rpm -qa | grep -i mod_ssl
ea-apache24-mod_ssl-2.4.62-1.el8.cloudlinux.x86_64I would *carefully* remove that mod_ssl package you installed, making sure it doesn't remove any dependencies on the system that are needed by cPanel.
0 -
How can I carefully remove that?
I only ran this command to install it, but didn't do any configuration things.
dnf install mod_ssl -y
0 -
I would do this:
rpm -e --nodeps mod_ssl
and ensure that runs normally.
0 -
I ran following commands including yours, and got this result, is it ok?
[root@bepositive ~]# dnf list installed | grep mod_ssl
ea-apache24-mod_ssl.x86_64 2.4.62-3.5.1.cpanel @EA4-c8
[root@bepositive ~]# rpm -e --nodeps mod_ssl
error: package mod_ssl is not installed
[root@bepositive ~]#0 -
That looks good - that indicates there is no other mod_ssl package other than the one we provide, which is how it should be.
0 -
Thank you!
0 -
You're very welcome!
0
Please sign in to leave a comment.
Comments
14 comments