Jeet

Member
May 20, 2012
11
0
51
cPanel Access Level
Root Administrator
Hello,

I recently moved my site to a new server after 4 years. Both old and new servers are running on Centos7 / WHMv88. However, it seems that the new server currently only supports TLSv1.2 and TLSv1.3. I have a legacy Windows app which needs to be connected to the site which has TLSv1 hardcoded in the connection settings.

I know this may be less desirable, but I really want my site to support TLSv1 and TLSv1.1 until the windows application is updated. I have added the following to the SSL/TLS protocols in WHM.

All -SSLv2 -SSLv3 +TLSv1 +TLSv1.1

However, SSLlabs still shows as the site doesn't support TLSv1 or TLSv1.1.
TLS 1.3 Yes
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No

This is the same setting I have in my old server which supports TLSv1 and TLSv1.1

Any help to enable TLSv1 and TLSv1.1 on the new server would be highly appreciated.

Thanks,
 

cPAdminsMichael

Well-Known Member
Dec 19, 2016
161
55
103
Denmark
cPanel Access Level
Root Administrator
Replacing with +TLSv1 +TLSv1.1 +TLSv1.2 +TLSv1.3 should work :)
 

Jeet

Member
May 20, 2012
11
0
51
cPanel Access Level
Root Administrator
Hi Michael, thanks for the reply. However, it still doesn't work. :( Ssllabs still shows the following and the app is not able to connect.

TLS 1.3 Yes
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No
 

cPAdminsMichael

Well-Known Member
Dec 19, 2016
161
55
103
Denmark
cPanel Access Level
Root Administrator
Hmm - and this is a basic cPanel setup with Apache? Or do you use NGINX, LiteSpeed or have anything (proxy, Cloudflare, etc.) in front?
 

Jeet

Member
May 20, 2012
11
0
51
cPanel Access Level
Root Administrator
Apache only. Only differences between the old and new servers are one is running Centos 7.7/PHP 5.6 whereas the other one Centos 7.8/PHP 7.3. Strangely, TLSv1 and TLSv1.1 works in the old server.
 

cPAdminsMichael

Well-Known Member
Dec 19, 2016
161
55
103
Denmark
cPanel Access Level
Root Administrator
Ah... yes of course. You'd need to change also the SSL Ciphers. Sorry, haven't done TLS1 for a long time :)
You can read more here:
 

cPAdminsMichael

Well-Known Member
Dec 19, 2016
161
55
103
Denmark
cPanel Access Level
Root Administrator
Great!
... and I probably don't have to mention that this also downgrades the cipher for the other TLS protocols, right? ;-)
(As you can probably see in SSLLabs.com)
I'd recommend migrating the old/legacy app off to an isolated server.
 

Jeet

Member
May 20, 2012
11
0
51
cPanel Access Level
Root Administrator
Indeed. Was happy to see a "B" instead of "A". :-p
Yes, we need to work on migrating the app. Though didn't realize it before moving the site. So this was required as a temp solution. Thanks again for your help.