cPanel Web Services Configuration - Elaborate

eitanc

Active Member
Jan 31, 2010
38
4
58
Hello,
I use cpanel 88.0.5 and I wish to understand better how to correctly edit the SSL - TLS protocols list, since the matching support article is not very detailed...

My current value is SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1 and when I am connected, my Chrome browser states the connection is using TLS 1.2.

So:
1. TLS 1.2 is not even mentioned at the current values list - so how is it activated?
2. How do I disable protocols from being used?

Thanks!
 

quietFinn

Well-Known Member
Feb 4, 2006
1,222
87
178
Finland
cPanel Access Level
Root Administrator
If you are looking for the SSL/TLS Protocols Apache uses they are in WHM -> Service Configuration -> Apache Configuration -> Global Configuration
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,251
313
Houston
What are you attempting to change the protocols for and where are you looking to see the current protocols in place as they're listed in a few different places for different items.
 

eitanc

Active Member
Jan 31, 2010
38
4
58
Sorry, I don't understand you reply. Currently I just wish to understand this specific field's syntax to correctly change allow or block the use of SSL/TLS protocols and their versions.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,251
313
Houston
So you just want to change this for cPanel & WHM? To explain this fully TLSv1.2 is the default protocol, your list is the default:

Code:
!SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1
This says don't use these protocols - TLSv1.2 does not need to be added here to be used.

If you're unsure of what to modify you should leave this as the default which for all things right now is TLSv1.2 unless you're changing it for Apache only which can use TLSv1.3 which is why I asked what specifically you wanted to change it for. Furthermore, why are you wanting to change it and what is it that you'd like to change it to?
 

eitanc

Active Member
Jan 31, 2010
38
4
58
When I asked, I didn't want to change anything. My goal was to allow only TLS 1.2 and I did not see it in this string of values - so I posted this here.
Now, the current string is not explicitly mentioning TLS 1.2, it is only stating what is not allowed, so theoretically it can also allow TLS 1.3 and future TLS 1.x. Is there a way to explicitly mention the allowed protocols and rest, un-mentioned protocols, will be disabled?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,251
313
Houston
You're only allowing TLSv1.2 based on this right now and if you want to or need to add protocols you'd just add them to that list with a + like the following:

+tlsv1_3