Disabling TLSv1 in cPanel

From Acenet Knowledgebase
Revision as of 12:12, 25 October 2016 by Docs admin (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Due to recent changes in the PCI DSS Security Standards, TLSv1 is no longer accepted by most servers. This can cause delays in mail delivery and many other activities on servers.

So to proactively prevent any issues, it is recommended to disable TLSv1 within WHM/cPanel. There are 4 places in WHM where the protocol list needs to be updated.


1) Log into WHM

2) Go to Service Configuration -> cPanel Web Services Configuration

3) Replace the existign TLS/SSL Protocols list with the following

SSLv23:!SSLv2:!SSLv3:!TLSv1

4) Click Save

5) Go to Service Configuration -> Apache Configuration -> SSL/TLS Protocols

6) Check the lower Radial button to edit the line, and replace with the following

All -SSLv2 -SSLv3 -TLSv1

7) Click Save at the bottom of the page.

8) On the next page Click Rebuild Apache Config and Restart

9) When that completes, Go to Service Configuration -> cPanel Web Disk Configuration.

10) Replace the existing TLS/SSL Protocols with the following

SSLv23:!SSLv2:!SSLv3:!TLSv1

11) Click Save

12) Go to Service Configuration -> Exim Configuration Manager -> Advanced Editor

13) Click "Ctrl-F" to open a find dialog at the bottom of the browser, and search for "openssl_options"

14) Replace the existing contents of the box to the right with the following

+no_sslv2 +no_sslv3 +no_tlsv1

15) Scroll all the way to the bottom of the window, and then click save

16) Once Exim restarts, you are done


If you run into any problems, please open a support ticket with the exact problem and error message at the Client Area and we will be able to assist you further.