cPanel Web Services Configuration - Elaborate

E

eitanc

Active Member
Jan 31, 2010
38
4
58
Hello,
I use cpanel 88.0.5 and I wish to understand better how to correctly edit the SSL - TLS protocols list, since the matching support article is not very detailed...

cPanel Web Services Configuration | cPanel & WHM Documentation

This interface allows you to edit the TLS/SSL Cipher List and TLS/SSL Protocol list for cPanel, WHM, and Webmail.
docs.cpanel.net docs.cpanel.net

My current value is SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1 and when I am connected, my Chrome browser states the connection is using TLS 1.2.

So:
1. TLS 1.2 is not even mentioned at the current values list - so how is it activated?
2. How do I disable protocols from being used?

Thanks!
 
Q

quietFinn

Well-Known Member
Feb 4, 2006
1,222
87
178
Finland
cPanel Access Level
Root Administrator
If you are looking for the SSL/TLS Protocols Apache uses they are in WHM -> Service Configuration -> Apache Configuration -> Global Configuration
 
cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,251
313
Houston
What are you attempting to change the protocols for and where are you looking to see the current protocols in place as they're listed in a few different places for different items.
 
E

eitanc

Active Member
Jan 31, 2010
38
4
58
Sorry, I don't understand you reply. Currently I just wish to understand this specific field's syntax to correctly change allow or block the use of SSL/TLS protocols and their versions.
 
cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,251
313
Houston
So you just want to change this for cPanel & WHM? To explain this fully TLSv1.2 is the default protocol, your list is the default:

Code: 
!SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1
This says don't use these protocols - TLSv1.2 does not need to be added here to be used.

If you're unsure of what to modify you should leave this as the default which for all things right now is TLSv1.2 unless you're changing it for Apache only which can use TLSv1.3 which is why I asked what specifically you wanted to change it for. Furthermore, why are you wanting to change it and what is it that you'd like to change it to?
 
E

eitanc

Active Member
Jan 31, 2010
38
4
58
When I asked, I didn't want to change anything. My goal was to allow only TLS 1.2 and I did not see it in this string of values - so I posted this here.
Now, the current string is not explicitly mentioning TLS 1.2, it is only stating what is not allowed, so theoretically it can also allow TLS 1.3 and future TLS 1.x. Is there a way to explicitly mention the allowed protocols and rest, un-mentioned protocols, will be disabled?
 
cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,251
313
Houston
You're only allowing TLSv1.2 based on this right now and if you want to or need to add protocols you'd just add them to that list with a + like the following:

+tlsv1_3
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
L cPanel Webdisk Reports SSL is Invalid or Self-Signed, Which is Totally Not True Security 8
G SOLVED [CPANEL-27859] TLS failure preventing access to /cpanel , /whm , and /webmail Security 19
albatroz Forcing https on a cPanel website? Security 2
M Why doesn't SSL cover webmail, mail, cpanel, whm subdomains? Security 5
R Logging all cPanel, WHM and Webmail access Security 2
Similar threads
cPanel Webdisk Reports SSL is Invalid or Self-Signed, Which is Totally Not True
SOLVED [CPANEL-27859] TLS failure preventing access to /cpanel , /whm , and /webmail
Forcing https on a cPanel website?
Why doesn't SSL cover webmail, mail, cpanel, whm subdomains?
Logging all cPanel, WHM and Webmail access
Top Bottom