The server does not have SSL/TLS encryption on port 443

easy-hosting

Member
Jan 21, 2015
13
1
53
cPanel Access Level
Root Administrator
So was doing some tightening up of security on one of our servers. Everything was going good and was going through things step by step and then suddenly the testing site started giving the message "The server does not have SSL/TLS encryption on port 443. Data exchange with end-users can be intercepted.".

[removed due to use of real domain names]

The Plesk server hasn't suffered the same fate though, so it's odd!

[removed due to use of real domain names]

I have tried changing back all the settings I made changes to (SSL Protocols, Ciphers etc.), but the error message still comes up.

We use LiteSpeed, but as it is still tied into Apache, I have rebuilt the config, force reinstalled LiteSpeed and still hasn't resolved it.

Qualys SSL Labs sees it as OK:
[removed due to use of real domain names]

The only issue here is that I have tried to get TLSv1.1 to work, but it doesn't seem to pick up the settings, or at one point when changing settings it had both TLSv1.0 and TLSv1.1 working, but I don't want TLSv1.0.

Any help would be appreciated, as this is a production server, and I am worried that although everything seems to be working fine, and one test says it's OK, I would rather make sure it is fully working. Things like this tend to bug me!

Cheers
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,883
2,256
463
Hello,

The information you provided suggests the message is a false positive, considering SSL is working as expected elsewhere. You may want to contact the support team of the application or website that's generating the warning message to verify how exactly they are testing the connection.

Thank you.
 

easy-hosting

Member
Jan 21, 2015
13
1
53
cPanel Access Level
Root Administrator
Hi Michael,

I'll see if they have a support/contact area on the site.

What about not being able to set the protocols being used by the server? The settings don't seem to apply and the server is only using TLS 1.2. Any thoughts on what has happened there?

Cheers.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,883
2,256
463
What about not being able to set the protocols being used by the server? The settings don't seem to apply and the server is only using TLS 1.2. Any thoughts on what has happened there?
Could you verify the steps you are using to change the SSL/TLS protocols enabled for Apache, and the exact entry you are using? The default entry is "TLSv1.2" and it's configurable via "WHM >> Apache Configuration >> Global Configuration".

Thank you.
 

easy-hosting

Member
Jan 21, 2015
13
1
53
cPanel Access Level
Root Administrator
Hi Michael,

That is where I have been making the change. I tried all sorts of combinations. The current one I have set is:
"ALL -SSLv2 -SSLv3 -TLSv1"

Nothing seems to allow TLSv1.1, even with +TLSv1.1.

I have tried switching to and from LiteSpeed and Apache, but still reporting as no TLSv1.1 and only version 1.2 (Apache) and 1.2 and 1.3 (LiteSpeed).

A new version of LiteSpeed has just come out, so attempting to upgrade that and see what happens.

Cheers.
 

easy-hosting

Member
Jan 21, 2015
13
1
53
cPanel Access Level
Root Administrator
So I reverted to a snapshot from the 6th of January and was able to get the SSL test at HT Bridge to work. It came back with an A rating. I tried backing up the configuration and testing it on the server after reverting it back to the snapshot I took today, before going back to the older one, and it had no affect.

So, I am lost as to what is causing it, and I can't have it running from the 6th of January snapshot as there is likely a lot of customer website changes and email etc. that would be lost.

So there does appear to be some validity to the test being broken.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,883
2,256
463
Hello,

Could you open a support ticket using the link in my signature so we can take a closer look?

Thank you.