Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

The server does not have SSL/TLS encryption on port 443

Discussion in 'Security' started by easy-hosting, Feb 2, 2018.

  1. easy-hosting

    easy-hosting Member

    Joined:
    Jan 21, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    So was doing some tightening up of security on one of our servers. Everything was going good and was going through things step by step and then suddenly the testing site started giving the message "The server does not have SSL/TLS encryption on port 443. Data exchange with end-users can be intercepted.".

    [removed due to use of real domain names]

    The Plesk server hasn't suffered the same fate though, so it's odd!

    [removed due to use of real domain names]

    I have tried changing back all the settings I made changes to (SSL Protocols, Ciphers etc.), but the error message still comes up.

    We use LiteSpeed, but as it is still tied into Apache, I have rebuilt the config, force reinstalled LiteSpeed and still hasn't resolved it.

    Qualys SSL Labs sees it as OK:
    [removed due to use of real domain names]

    The only issue here is that I have tried to get TLSv1.1 to work, but it doesn't seem to pick up the settings, or at one point when changing settings it had both TLSv1.0 and TLSv1.1 working, but I don't want TLSv1.0.

    Any help would be appreciated, as this is a production server, and I am worried that although everything seems to be working fine, and one test says it's OK, I would rather make sure it is fully working. Things like this tend to bug me!

    Cheers
     
    #1 easy-hosting, Feb 2, 2018
    Last edited by a moderator: Feb 2, 2018
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    The information you provided suggests the message is a false positive, considering SSL is working as expected elsewhere. You may want to contact the support team of the application or website that's generating the warning message to verify how exactly they are testing the connection.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. easy-hosting

    easy-hosting Member

    Joined:
    Jan 21, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    I'll see if they have a support/contact area on the site.

    What about not being able to set the protocols being used by the server? The settings don't seem to apply and the server is only using TLS 1.2. Any thoughts on what has happened there?

    Cheers.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Could you verify the steps you are using to change the SSL/TLS protocols enabled for Apache, and the exact entry you are using? The default entry is "TLSv1.2" and it's configurable via "WHM >> Apache Configuration >> Global Configuration".

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. easy-hosting

    easy-hosting Member

    Joined:
    Jan 21, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    That is where I have been making the change. I tried all sorts of combinations. The current one I have set is:
    "ALL -SSLv2 -SSLv3 -TLSv1"

    Nothing seems to allow TLSv1.1, even with +TLSv1.1.

    I have tried switching to and from LiteSpeed and Apache, but still reporting as no TLSv1.1 and only version 1.2 (Apache) and 1.2 and 1.3 (LiteSpeed).

    A new version of LiteSpeed has just come out, so attempting to upgrade that and see what happens.

    Cheers.
     
  6. easy-hosting

    easy-hosting Member

    Joined:
    Jan 21, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    So I reverted to a snapshot from the 6th of January and was able to get the SSL test at HT Bridge to work. It came back with an A rating. I tried backing up the configuration and testing it on the server after reverting it back to the snapshot I took today, before going back to the older one, and it had no affect.

    So, I am lost as to what is causing it, and I can't have it running from the 6th of January snapshot as there is likely a lot of customer website changes and email etc. that would be lost.

    So there does appear to be some validity to the test being broken.
     
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice