error during enable TLSv1.3 in cPanel86

bejbi

Well-Known Member
PartnerNOC
Jan 20, 2006
137
22
168
Poland
cPanel Access Level
DataCenter Provider
After update cPanel to v86 whe I try to enable TSLv1.3
I add in Apache Global Configuration:
TLSv1.2 TLSv1.3
(space separated)

But after this - only TLSv1.3 works !
It was checked olso via: SSL Server Test (Powered by Qualys SSL Labs)

It is probably bug in cPanel

I changed to:
All -SSLv3 -TLSv1 -TLSv1.1

and it works. But it is only walkaround
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
You must specify what you're adding if you're adding more than one in this instance. I can confirm the following works:

+TLSv1.2 +TLSv1.3

My output from SSL Labs when using this indicates the following:

Screenshot at Feb 20 19-33-41.png
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Hello,

For Apache

WHM’s Global Configuration interface (Home >> WHM >> Service Configuration >> Apache Configuration >> Global Configuration).

+TLSv1.2 +TLSv1.3
This is correct, thanks @ciao70
 

ciao70

Well-Known Member
Nov 3, 2006
82
14
158
I do not know :)

 

vlee

Well-Known Member
Oct 13, 2005
374
26
178
Spokane, Washington
cPanel Access Level
Root Administrator
How about the other services for +TLSv1.2 +TLSv1.3 like the ones below

cPanel Web Disk Configuration
Currently set to SSLv23:!SSLv2:!SSLv3

cPanel Web Services Configuration
Currently set to SSLv23:!SSLv2:!SSLv3

Mailserver Configuration
SSL Minimum Protocol Currently set to TLSv1.2

Exim Configuration Manager ==> Security
Currently set to +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 default

How do you change those ones above to use +TLSv1.2 +TLSv1.3?
 

PbG

Well-Known Member
Mar 11, 2003
247
0
166
I would like to know this as well?


How about the other services for +TLSv1.2 +TLSv1.3 like the ones below

cPanel Web Disk Configuration
Currently set to SSLv23:!SSLv2:!SSLv3

cPanel Web Services Configuration
Currently set to SSLv23:!SSLv2:!SSLv3

Mailserver Configuration
SSL Minimum Protocol Currently set to TLSv1.2

Exim Configuration Manager ==> Security
Currently set to +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1 default

How do you change those ones above to use +TLSv1.2 +TLSv1.3?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
The OpenSSL package that was released was for EasyApache 86 Release Notes | cPanel & WHM Documentation which covers OpenSSL for Apache related services.

This is not the same package that covers it for the system which includes other services which is at OpenSSL 1.0.2k-fips 26 Jan 2017

I also want to point out that I did notice our documentation was a little unclear on this and I've opened a case to have it clarified.
 
Last edited:
  • Like
Reactions: Alongar and ciao70