The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSLProtocol configuration: The settings were not syntactically valid

Discussion in 'Security' started by Pputnik, Oct 7, 2016.

Tags:
  1. Pputnik

    Pputnik Member

    Joined:
    May 20, 2016
    Messages:
    9
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    Poland
    cPanel Access Level:
    Root Administrator
    Hello All,

    I've created SSLProtocol and SSLCipherSuite strings using this Mozilla tool, now trying to insert SSLProtocol result at Home »Service Configuration »cPanel Web Services Configuration.

    The string is "all -SSLv3 -TLSv1 -TLSv1.1" (apache 2.4.18 | modern profile | OpenSSL 1.0.1k)
    The cpanel result is "The settings were not syntactically valid. The changes were not saved.The system could not save the changes. "

    If I just try to copy-n-paste the string, it does not work, but I noticed that the syntax in the textbox (very small, btw :( ) is different and tried to modify it a bit. I was able to proceed until '!SSLv23:!SSLv2:!SSLv3:!TLSv1' version, and still unable to disable TLSv1.1.

    The questions:
    1. why the syntax is different?
    2. how can I disable TLSv1.1 without black magic? I definitely can edit configs if needed :) but prefer to go without re-compilation
    3. How can I add SSLHonorCipherOrder? I see it is not mentioned in /usr/local/apache/conf/httpd.conf

    Thank you.
     
    #1 Pputnik, Oct 7, 2016
    Last edited: Oct 7, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    I believe you are looking for the following option in Web Host Manager if you are seeking to adjust the Apache configuration:

    "WHM Home » Service Configuration » Apache Configuration » Global Configuration"

    Code:
    The TLS/SSL Cipher List and TLS/SSL Protocols List must be defined using alphanumeric characters with regular expressions ! + _ @ ~ and use a colon :)) for a separator. 
    Note the input field for "TLS/SSL Cipher List" in "WHM >> cPanel Web Services Configuration" is verified before hitting the "Save" button, however the same behavior does not apply to the "TLS/SSL Protocols" field. Internal case CPANEL-5870 is open to address that issue so that both fields are validated before hitting "Save'. I'll update this thread with more information on the status of that case as it becomes available.

    Regarding SSLHonorCipherOrder, you can add a custom value to the "Pre Main Include" section via:

    "WHM Home » Service Configuration » Apache Configuration » Include Editor"

    You may also find this document helpful:

    https://documentation.cpanel.net/display/ALD/cPanel+Web+Services+Configuration
    https://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols

    Thank you.
     
  3. Pputnik

    Pputnik Member

    Joined:
    May 20, 2016
    Messages:
    9
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    Poland
    cPanel Access Level:
    Root Administrator
    Thank you.
     
    cPanelMichael likes this.
Loading...

Share This Page