Disabling TLSv1 in cPanel
Due to recent changes in the PCI DSS Security Standards, TLSv1 is no longer accepted by most servers. This can cause delays in mail delivery and many other activities on servers.
So to proactively prevent any issues, it is recommended to disable TLSv1 within WHM/cPanel. There are 4 places in WHM where the protocol list needs to be updated.
1) Log into WHM
2) Go to Service Configuration -> cPanel Web Services Configuration
3) Replace the existign TLS/SSL Protocols list with the following <syntaxhighlight lang="bash"> SSLv23:!SSLv2:!SSLv3:!TLSv1 </syntaxhighlight>
4) Click Save
5) Go to Service Configuration -> Apache Configuration -> SSL/TLS Protocols
6) Check the lower Radial button to edit the line, and replace with the following <syntaxhighlight lang="bash"> All -SSLv2 -SSLv3 -TLSv1 </syntaxhighlight>
7) Click Save at the bottom of the page.
8) On the next page Click Rebuild Apache Config and Restart
9) When that completes, Go to Service Configuration -> cPanel Web Disk Configuration.
10) Replace the existing TLS/SSL Protocols with the following <syntaxhighlight lang="bash"> SSLv23:!SSLv2:!SSLv3:!TLSv1 </syntaxhighlight>
11) Click Save
12) Go to Service Configuration -> Exim Configuration Manager -> Advanced Editor
13) Click "Ctrl-F" to open a find dialog at the bottom of the browser, and search for "openssl_options"
14) Replace the existing contents of the box to the right with the following <syntaxhighlight lang="bash"> +no_sslv2 +no_sslv3 +no_tlsv1 </syntaxhighlight>
15) Scroll all the way to the bottom of the window, and then click save
16) Once Exim restarts, you are done
If you run into any problems, please open a support ticket with the exact problem and error message at the Client Area and we will be able to assist you further.