Disabling TLSv1 in cPanel

Due to recent changes in the PCI DSS Security Standards, TLSv1 is no longer accepted by most servers. This can cause delays in mail delivery and many other activities on servers.

So to proactively prevent any issues, it is recommended to disable TLSv1 within WHM/cPanel. There are 4 places in WHM where the protocol list needs to be updated.

1) Log into WHM

2) Go to Service Configuration -> cPanel Web Services Configuration

3) Replace the existign TLS/SSL Protocols list with the following <syntaxhighlight lang="bash"> SSLv23:!SSLv2:!SSLv3:!TLSv1 </syntaxhighlight>

4) Click Save

5) Go to Service Configuration -> Apache Configuration -> SSL/TLS Protocols

6) Check the lower Radial button to edit the line, and replace with the following <syntaxhighlight lang="bash"> All -SSLv2 -SSLv3 -TLSv1 </syntaxhighlight>

7) Click Save at the bottom of the page.

8) On the next page Click Rebuild Apache Config and Restart

9) When that completes, Go to Service Configuration -> cPanel Web Disk Configuration.

10) Replace the existing TLS/SSL Protocols with the following <syntaxhighlight lang="bash"> SSLv23:!SSLv2:!SSLv3:!TLSv1 </syntaxhighlight>

11) Click Save

12) Go to Service Configuration -> Exim Configuration Manager -> Advanced Editor

13) Click "Ctrl-F" to open a find dialog at the bottom of the browser, and search for "openssl_options"

14) Replace the existing contents of the box to the right with the following <syntaxhighlight lang="bash"> +no_sslv2 +no_sslv3 +no_tlsv1 </syntaxhighlight>

15) Scroll all the way to the bottom of the window, and then click save

16) Once Exim restarts, you are done

If you run into any problems, please open a support ticket with the exact problem and error message at the Client Area and we will be able to assist you further.