Hello All,
I've created SSLProtocol and SSLCipherSuite strings using this Mozilla tool, now trying to insert SSLProtocol result at Home »Service Configuration »cPanel Web Services Configuration.
The string is "all -SSLv3 -TLSv1 -TLSv1.1" (apache 2.4.18 | modern profile | OpenSSL 1.0.1k)
The cpanel result is "The settings were not syntactically valid. The changes were not saved.The system could not save the changes. "
If I just try to copy-n-paste the string, it does not work, but I noticed that the syntax in the textbox (very small, btw
) is different and tried to modify it a bit. I was able to proceed until '!SSLv23:!SSLv2:!SSLv3:!TLSv1' version, and still unable to disable TLSv1.1.
The questions:
1. why the syntax is different?
2. how can I disable TLSv1.1 without black magic? I definitely can edit configs if needed but prefer to go without re-compilation
3. How can I add SSLHonorCipherOrder? I see it is not mentioned in /usr/local/apache/conf/httpd.conf
Thank you.
I've created SSLProtocol and SSLCipherSuite strings using this Mozilla tool, now trying to insert SSLProtocol result at Home »Service Configuration »cPanel Web Services Configuration.
The string is "all -SSLv3 -TLSv1 -TLSv1.1" (apache 2.4.18 | modern profile | OpenSSL 1.0.1k)
The cpanel result is "The settings were not syntactically valid. The changes were not saved.The system could not save the changes. "
If I just try to copy-n-paste the string, it does not work, but I noticed that the syntax in the textbox (very small, btw
) is different and tried to modify it a bit. I was able to proceed until '!SSLv23:!SSLv2:!SSLv3:!TLSv1' version, and still unable to disable TLSv1.1.The questions:
1. why the syntax is different?
2. how can I disable TLSv1.1 without black magic? I definitely can edit configs if needed
but prefer to go without re-compilation3. How can I add SSLHonorCipherOrder? I see it is not mentioned in /usr/local/apache/conf/httpd.conf
Thank you.
Last edited:
