![cpanel whm how to enable tls v1.2 cpanel whm how to enable tls v1.2](https://attachments-eu1-cloud-deskpro-com.s3.amazonaws.com/files/28334/20132/20131774QDDXYRNZJATGNAC0-1622710874999.png)
cPanel & WHM supports Transport Layer Security (TLS) protocol version 1.2 and Transport Layer Security (TLS) protocol version 1.3: Beginning in cPanel and WHM version 86, cPanel & WHM only supports TLSv1.2 or newer. The system also enables TLSv1.2 by default.

In WHM -> Home -> Service Configuration -> cPanel Web Services Configuration, copy/paste the TLS/SSL cipher list and Protocols values from the cPanel defaults in the Apache configuration.

In WHM -> Home -> Server Configuration -> Tweak Settings -> Security, check these settings:

- Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd = On

In WHM -> Home -> Server Configuration -> Tweak Settings -> Redirection, check this setting:

- Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as “Always redirect to SSL/TLS” = On

Verify that TLS 1.0 and 1.1 have been disabled:

```
nmap -p 2087 --script ssl-enum-ciphers <hostname>
Nmap done: 1 IP address (1 host up) scanned in 3.51 seconds
```

Some additional “hardening” that may be more trouble than it’s worth:

- You can set up Host Access Control so that only certain IPs can access certain services.
- If you’ve got the ConfigServer Firewall active (which is recommended), disable cPHulk. Otherwise, that’s another firewall option, which is prone to false positives; don’t get upset when you trigger a cPHulk block.

![cpanel whm how to enable tls v1.2 cpanel whm how to enable tls v1.2](https://blog.cpanel.com/wp-content/uploads/2017/06/EA4profiles.png)

The POODLE bug is a new bug discovered by Google in the SSLv3 protocol. The fix is easy: disable support for SSLv3. See the Google security blog for more info on the bug.

To fix the bug, disable SSLv3 and use a secure cipherlist. SSL v2 is also insecure, so we need to disable it too. So edit the Apache config file and add the following:

The above line enables everything except SSLv2 and SSLv3. All is a shortcut for +SSLv2 +SSLv3 +TLSv1 or – when using OpenSSL 1.0.1 and later – +SSLv2 +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2, respectively.

If you have a cPanel server, you should not edit Apache configurations directly; instead you can do this from WHM.

2. Navigate to the Apache Configuration Panel of WHM.
3. Scroll down to the ‘Include Editor’ Section of the Apache Configuration.
4. Click ‘Pre Main Include’, which will jump to the corresponding section. Via the drop-down selector, choose ‘All Versions’.
5. An empty dialogue box will appear allowing you to input the needed configuration updates. In this box, copy and paste the following:

If you’re running an NGINX web server that currently uses SSLv3, you need to edit the NGINX configuration (nginx.conf). You will need to add the following line to your server directive:

Then restart the nginx service:

```
service nginx restart
```

For more information about Litespeed & POODLE:

The POODLE attack requires the client to retry connecting several times in order to downgrade to SSLv3, and typically only browsers will do this. Mail clients are not as susceptible to POODLE. However, users who want better security should switch to Dovecot until we upgrade Courier to a newer version.

1. Go to WHM => Service Configuration => cPanel Web Services Configuration
2. Make sure that the “TLS/SSL Protocols” field contains `SSLv23:!SSLv2:!SSLv3`.
3. Select the “Save” button at the bottom.

1. Go to WHM => Service Configuration => cPanel Web Disk Configuration

1. Go to WHM => Service Configuration => Mailserver Configuration.
2. SSL Protocols should contain `!SSLv2 !SSLv3`. If it does not, replace the text in this field.
3. Go to the bottom of the page, and select the Save button to restart the service.

Courier has released a new version to mitigate this as of 10/22. Until we have an opportunity to review, test, and publish the new version of Courier, please switch to Dovecot for enhanced security.

1. Go to Home » Service Configuration » Exim Configuration Manager
2. Under Advanced Editor, look for ‘openssl_options’.
3. Make sure the field contains `+no_sslv2 +no_sslv3`.
4. Go to the bottom of the page, and select the Save button to restart the service.

If you are running Lighttpd 1.4.29 or later, put the following lines in your configuration file:

```
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
```

Lighttpd releases before 1.4.28 allow you to disable SSLv2 only.

You can use a website like for a web based check. To make sure services on your server are not accepting SSLv3 connections, you can run the openssl client on your server against the SSL ports:

```
openssl s_client -connect linuxwebhostingsupport.in:443 -ssl3
```
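The `openssl s_client` check on this page only tells you something if you read its output correctly, so here is an added example (not part of the original page) that classifies the result of a forced-version probe. The function names `classify_probe`, `probe` and `audit` and the sample transcripts are constructed for illustration. For `-ssl3`, `-tls1` and `-tls1_1` the result you want is `rejected`; `unsupported` means the local openssl build cannot offer that version at all, so the probe proves nothing about the server.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output for one forced protocol version.
#   accepted    - handshake completed: the service still speaks that version
#   rejected    - TCP connect worked but the handshake was refused
#   unsupported - the local openssl build cannot offer that version, so the
#                 probe says nothing about the server (common for -ssl3 today)
#   unreachable - no TCP connection was made
classify_probe() {
    out=$(cat)
    case $out in
        *"nknown option"*|*"no protocols available"*) echo unsupported ;;
        *"CONNECTED("*)
            case $out in
                *"Cipher is (NONE)"*) echo rejected ;;
                *"Cipher is "*)       echo accepted ;;
                *)                    echo rejected ;;
            esac ;;
        *) echo unreachable ;;
    esac
}

# probe HOST:PORT FLAG, e.g. probe linuxwebhostingsupport.in:443 -ssl3
probe() {
    openssl s_client -connect "$1" "$2" </dev/null 2>&1 | classify_probe
}

# audit HOST:PORT tries each version flag in turn (needs network access).
audit() {
    for flag in -ssl3 -tls1 -tls1_1 -tls1_2; do
        printf '%-8s %s\n' "$flag" "$(probe "$1" "$flag")"
    done
}

# Constructed, trimmed transcripts (not captured from a real server).
SAMPLE_REJECTED='CONNECTED(00000003)
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
New, (NONE), Cipher is (NONE)'
SAMPLE_ACCEPTED='CONNECTED(00000003)
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Protocol  : TLSv1.2'
SAMPLE_NO_SSL3='s_client: Option unknown option -ssl3'

for sample in "$SAMPLE_REJECTED" "$SAMPLE_ACCEPTED" "$SAMPLE_NO_SSL3"; do
    printf '%s\n' "$sample" | classify_probe
done
```

Run `audit host:port` against each SSL port you changed, including the WHM port 2087 used in the nmap check.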