The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel keeps turning SSL3 back on for IMAP and POP

Discussion in 'Security' started by ryodo, Jul 27, 2015.

  1. ryodo

    ryodo Member

    Joined:
    Oct 3, 2012
    Messages:
    10
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Website Owner
    Hi All -
    I've changed the settings for IMAP and POP TLS/SSL Protocols in the Mailserver Configuration panel to specify "Only permit TLSv1.0 connections", and this successfully turns off SSL3 for our PCI scans, while leaving the SSL3 cipher in place, since it's actually used by TLS.
    However, for some unknown reason they keep reverting to "Permit SSL v2 or v3 connections and TLS v.1x connections". I'm guessing this happens during reboots or the automated system upgrades. And of course, causes the next PCI scan to fail.

    Can anyone direct me to the scripts that would need to be updated to prevent this reversion?
    Thanks in advance!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. ryodo

    ryodo Member

    Joined:
    Oct 3, 2012
    Messages:
    10
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Website Owner
    We're running WHM 11.50.0, with Courier being the mail server. Thank you for looking into this. I haven't kept track to see when it's actually switching back to SSL3, so my assumption has been it occurs when the server updates itself or restarts. It hasn't switched since I posted my comment here. Could this have been fixed in 11.50?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It's possible, but I don't see any internal cases included with cPanel version 11.50 referencing this issue. Feel free to let us know if you encounter any additional problems.

    Thank you.
     
  5. ryodo

    ryodo Member

    Joined:
    Oct 3, 2012
    Messages:
    10
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Website Owner
    OK, problem came back. We're now running WHM 11.52.2, and when we did our PCI scan last week it showed that the mailserver configuration had gone back to accepting both SSL3V3 and TLS 1.0. My conclusion is that when cPanel updates WHM it is getting set back to the default of SSL3V3.
    cPanel people - please look into this!
     
    Spork Schivago likes this.
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you switch to Dovecot and verify if the issue persists? Courier is deprecated in cPanel version 11.52, and completely removed in cPanel version 54.

    Thank you.
     
Loading...

Share This Page