The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

TLS 1.2 - Questions

Discussion in 'Security' started by sehh, Dec 3, 2015.

  1. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    As of December 2015, there is a major push to disable EVERY SINGLE encryption that is less than TLS 1.2 (that includes TLS 1.1, TLS 1.0, all SSL versions).

    We've been contacted by our PCI representative and all PCI certifications have been updated and will only accept TLS 1.2 and nothing else. Same thing with our various REST/API providers who are making the change within December.

    Unfortunately, there are some issues like CentOS 5, which is still within its lifetime, but it does not provide TLS 1.2 libraries via openssl.

    I'm waiting to see how cPanel will respond. Are they going to provide TLS 1.2 for all their supported operating systems?

    Your comments would be appreciated.

    Thank you.
     
  2. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
  3. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Hello, OpenSSL is provided by your operating system (e.g. CentOS), not by cPanel. If you want TLS 1.2 support on CentOS 5 then you need to petition either Red Hat, or CentOS, to make a newer version of OpenSSL available. I believe there are some projects that make newer OpenSSL RPMs available on CentOS 5.

    With the end of life of CentOS 5 only 17 months away, now is the time to start moving to a newer OS. CentOS 7 is recommended.
     
    cPJacob likes this.
  4. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Europe
    Last time I checked, EasyApache used its own deprecated libraries and would ignore our custon openssl. Has that changed?

    oh and 17 months is a bit over a whole YEAR... you make it sound like EOL is in 17 days :)
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Note that others visiting this thread can find additional discussion of the PCI compliance issue (including information about the extended deadline) at:

    I need to disable TLS v1.0

    Thank you.
     
Loading...

Share This Page