SOLVED TLS 1.0 disabled on Nginx

webtipster

Well-Known Member
Aug 27, 2016
56
8
58
Atlanta, GA
cPanel Access Level
Website Owner
Hi guys,

Can't figure this one out... When running ssllabs.com SSL test I see that on one of the servers TLS 1.0 and TLS 1.1 are still enabled. When I compare the settings with another server I basically have the same, but on the 2nd server they are disabled.

I just can't figure it out, perhaps I've been staring at it too long.
Any ideas what am I missing here?


Apache configuration

SSL cipher suite:
default
SSL/TLS protocols: default (TLSv1.2).


cPanel Web Disk Configuration

TLS/SSL Cipher Suite:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
TLS/SSL Protocols: SSLv23:!SSLv2:!SSLv3


cPanel Web Services:

TLS/SSL Cipher List:

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
TLS/SSL Protocols: SSLv23:!SSLv2:!SSLv3


Thanks in advance!
 

webtipster

Well-Known Member
Aug 27, 2016
56
8
58
Atlanta, GA
cPanel Access Level
Website Owner
DUH!!! LOL!

Ok I forgot that I had nginx running on this one. Yea, starred at it too long lol. Made an edit on the common_https.conf and added the following changes:

ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384'

In case anyone else runs into these types of issues. :)

Thanks!
 
  • Like
Reactions: cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Hello @webtipster,

I'm glad to see you were able to solve the issue. Thank you for sharing the outcome.