I am using CENTOS 7.8 v88.0.11 and Easy Apache 4 and cannot get TLS v1.3 working using any of the above methods. Any idea why this doesn't work in 88?
Last edited:
Can you show me exactly what you've added and how you've determined it's not functioning? Also can you confirm you have the ea-openssl packages as follows:
Code:
[[email protected] ~]# rpm -qa |grep ea-openssl1
ea-openssl11-1.1.1g-1.1.2.cpanel.x86_64
ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64When I run that command it shows this:
ea-openssl11-1.1.1g-1.1.2.cpanel.x86_64
And I determined it was not working via running my site at:
and seeing these results:
TLS 1.3 - No
TLS 1.2 - Yes
TLS 1.1 - No
TLS 1.0 - No
SSL 3 - No
SSL 2 - No
It looks to me like this package is missing. If so, could you give me the command to install it?
ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64
ea-openssl11-1.1.1g-1.1.2.cpanel.x86_64
And I determined it was not working via running my site at:
Qualys SSL Labs
Bringing you the best SSL/TLS and PKI testing tools and documentation.
www.ssllabs.com
TLS 1.3 - No
TLS 1.2 - Yes
TLS 1.1 - No
TLS 1.0 - No
SSL 3 - No
SSL 2 - No
It looks to me like this package is missing. If so, could you give me the command to install it?
ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64
It is missing and the command to install it is
What did you set in WHM>>Service Configuration>>Apache Configuration -> Global Configuration -> SSL/TLS Protocols? Here is what I have and my results on the same server from Qualys
Code:
yum -y install ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64
Code:
+TLSv1.2 +TLSv1.3Ok, I have the same protocols in my apache config.
+TLSv1.2 +TLSv1.3
Before I run that installation line, will doing so force me to do anything, like re-install my ssl certs? I don't want any surprises and have sites go down.
+TLSv1.2 +TLSv1.3
Before I run that installation line, will doing so force me to do anything, like re-install my ssl certs? I don't want any surprises and have sites go down.
Nope, at least it didn't for me. It will restart apache though which should be unnoticeable.
I ran:
yum -y install ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64
and the install was successful:
# rpm -qa |grep ea-openssl1
ea-openssl11-1.1.1g-1.1.2.cpanel.x86_64
ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64
and I restarted Apache and the Engintron plugin (I am running NGINX). Unfortunately the retest of my server at Qualys SSL Labs still does not show it working:
yum -y install ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64
and the install was successful:
# rpm -qa |grep ea-openssl1
ea-openssl11-1.1.1g-1.1.2.cpanel.x86_64
ea-openssl11-devel-1.1.1g-1.1.2.cpanel.x86_64
and I restarted Apache and the Engintron plugin (I am running NGINX). Unfortunately the retest of my server at Qualys SSL Labs still does not show it working:
| TLS 1.3 | No |
Oh you didn't mention you were running Engintron's NGINX. This is probably a cached setting in NGINX. If you switch to Apache alone and run this once more does the issue persist?
So when I turn off Engintron my TLS 1.3 works fine:
This server supports TLS 1.3.
When I enable Engintron it does not work. I even tried uninstalling Engintron and re-installing it.
If you have any ideas please let me know.
This server supports TLS 1.3.
When I enable Engintron it does not work. I even tried uninstalling Engintron and re-installing it.
If you have any ideas please let me know.
I don't know, it might the best to ask engintron. The issue is that their software has been known to cause issues with cPanel.
Duplika
Well-Known Member
I would suggest you read the thread as the answer is present. I've quoted it for you here:
The Engintron tech help said that it is possible that NGINX wasn't compiled to work with TLSv1.3 and Centos 7.8.
When I run this command:
openssl ciphers -v | awk '{print $2}' | sort | uniq
I don't see v 1.3 installed:
SSLv3
TLSv1.2
But somehow TLSv1.3 is working with Apache.
When I run this command:
openssl ciphers -v | awk '{print $2}' | sort | uniq
I don't see v 1.3 installed:
SSLv3
TLSv1.2
But somehow TLSv1.3 is working with Apache.