SOLVED TLS 1.0 disabled on Nginx

W

webtipster

Well-Known Member
Aug 27, 2016
56
8
58
Atlanta, GA
cPanel Access Level
Website Owner
Hi guys,

Can't figure this one out... When running ssllabs.com SSL test I see that on one of the servers TLS 1.0 and TLS 1.1 are still enabled. When I compare the settings with another server I basically have the same, but on the 2nd server they are disabled.

I just can't figure it out, perhaps I've been staring at it too long.
Any ideas what am I missing here?


Apache configuration

SSL cipher suite: default
SSL/TLS protocols: default (TLSv1.2).


cPanel Web Disk Configuration

TLS/SSL Cipher Suite:
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
TLS/SSL Protocols: SSLv23:!SSLv2:!SSLv3


cPanel Web Services:

TLS/SSL Cipher List:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
TLS/SSL Protocols: SSLv23:!SSLv2:!SSLv3


Thanks in advance!
 
W

webtipster

Well-Known Member
Aug 27, 2016
56
8
58
Atlanta, GA
cPanel Access Level
Website Owner
DUH!!! LOL!

Ok I forgot that I had nginx running on this one. Yea, starred at it too long lol. Made an edit on the common_https.conf and added the following changes:

ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384'

In case anyone else runs into these types of issues. :)

Thanks!
 
  • Like
Reactions: cPanelMichael
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,258
463
Hello @webtipster,

I'm glad to see you were able to solve the issue. Thank you for sharing the outcome.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
amstel SSL/TLS: Renegotiation DoS Vulnerability Security 3
B TLS Status: Defective Security 2
K SSL/TLS Weak Key Exchange Supported? Security 6
T SSL/TLS EDIT Security 3
Y SSL/TLS Disabled Security 13
Similar threads
SSL/TLS: Renegotiation DoS Vulnerability
TLS Status: Defective
SSL/TLS Weak Key Exchange Supported?
SSL/TLS EDIT
SSL/TLS Disabled
Top Bottom