SSLProtocol configuration: The settings were not syntactically valid

Pputnik

Member
May 20, 2016
11
1
3
Poland
cPanel Access Level
Root Administrator
Hello All,

I've created SSLProtocol and SSLCipherSuite strings using this Mozilla tool, now trying to insert SSLProtocol result at Home »Service Configuration »cPanel Web Services Configuration.

The string is "all -SSLv3 -TLSv1 -TLSv1.1" (apache 2.4.18 | modern profile | OpenSSL 1.0.1k)
The cpanel result is "The settings were not syntactically valid. The changes were not saved.The system could not save the changes. "

If I just try to copy-n-paste the string, it does not work, but I noticed that the syntax in the textbox (very small, btw :( ) is different and tried to modify it a bit. I was able to proceed until '!SSLv23:!SSLv2:!SSLv3:!TLSv1' version, and still unable to disable TLSv1.1.

The questions:
1. why the syntax is different?
2. how can I disable TLSv1.1 without black magic? I definitely can edit configs if needed :) but prefer to go without re-compilation
3. How can I add SSLHonorCipherOrder? I see it is not mentioned in /usr/local/apache/conf/httpd.conf

Thank you.
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

I believe you are looking for the following option in Web Host Manager if you are seeking to adjust the Apache configuration:

"WHM Home » Service Configuration » Apache Configuration » Global Configuration"

Code:
The TLS/SSL Cipher List and TLS/SSL Protocols List must be defined using alphanumeric characters with regular expressions ! + _ @ ~ and use a colon :)) for a separator.
Note the input field for "TLS/SSL Cipher List" in "WHM >> cPanel Web Services Configuration" is verified before hitting the "Save" button, however the same behavior does not apply to the "TLS/SSL Protocols" field. Internal case CPANEL-5870 is open to address that issue so that both fields are validated before hitting "Save'. I'll update this thread with more information on the status of that case as it becomes available.

Regarding SSLHonorCipherOrder, you can add a custom value to the "Pre Main Include" section via:

"WHM Home » Service Configuration » Apache Configuration » Include Editor"

You may also find this document helpful:

https://documentation.cpanel.net/display/ALD/cPanel+Web+Services+Configuration
https://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols

Thank you.