Disabling TLSv1 in cPanel

From Acenet Knowledgebase
Revision as of 11:06, 25 October 2016 by Docs admin (talk | contribs) (Created page with "Due to recent changes in the PCI DSS Security Standards, TLSv1 is no longer accepted by most servers. This can cause delays in mail delivery and many other activities on ser...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Due to recent changes in the PCI DSS Security Standards, TLSv1 is no longer accepted by most servers. This can cause delays in mail delivery and many other activities on servers.

So to proactively prevent any issues, it is recommended to disabled TLSv1 within WHM/cPanel. There are 4 places in WHM where the protocol list needs to be updated.


1) Log into WHM

2) Go to Service Configuration -> cPanel Web Services Configuration

3) Replace the existign TLS/SSL Protocols list with the following <syntaxhighlight lang="bash"> SSLv23:!SSLv2:!SSLv3:!TLSv1 </syntaxhighlight>

4) Click Save

5) Go to Service Configuration -> Apache Configuration -> SSL/TLS Protocols

6) Check the lower Radial button to edit the line, and replace with the following <syntaxhighlight lang="bash"> All -SSLv2 -SSLv3 -TLSv1 </syntaxhighlight>

7) Click Save at the bottom of the page.

8) Go to Service Configuration -> cPanel Web Disk Configuration.

9) Replace the existing TLS/SSL Protocols with the following <syntaxhighlight lang="bash"> SSLv23:!SSLv2:!SSLv3:!TLSv1 </syntaxhighlight>

10) Click Save

11) Go to Service Configuration -> Exim Configuration Manager -> Advanced Editor

12) Click "Ctrl-F" to open a find dialog at the bottom of the browser, and search for "openssl_options"

13) Replace the existing contents of the box to the right with the following <syntaxhighlight lang="bash"> +no_sslv2 +no_sslv3 +no_tlsv1 </syntaxhighlight>

14) Scroll all the way to the bottom of the window, and then click save


If you run into any problems, please open a support ticket with the exact problem and error message at the Client Area and we will be able to assist you further.