View the related cPanel forum threads for more information on how to support Forward Secrecy.
At the top, you should not see “ This server supports TLS 1.0 and TLS 1.1.”.Make sure to check the box stating “ Do not show the results on the boards” for some anonymity. The easiest option is to use the Qualys SSL Labs test. ĬentOS, Debian, or Ubuntu No bloatware SSH Key management made easy Test your SSL/TLS SettingsĪfter you finish configuring your TLS settings, there are two easy methods to check your TLS changes. Only pay for what you need with our Cloud VPS solutions. If you don’t need cPanel, don't pay for it. Restart Apache: systemctl restart apache2.Ensure it states the following: SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 You can use the find command if it’s not below:ĬentOS: nano /etc/httpd/conf.dDebian/Ubuntu: nano /etc/apache2/mods-enabled/ssl.conf Rebuild your Nginx configuration: ngxconf -Rrd -forceĭisable Older TLS Versions on Apache Serversįollow these steps to harden unmanged Linux servers.Look for the ssl_protocols line at the bottom of the file.Edit your default Nginx configuration file: nano /opt/ngxconf/templates/default_server.j2.Steps may differ if not managing an InMotion Hosting server. If your cPanel server runs Nginx, including users with the cPanel Cache Manager, you’ll need to do some advanced Nginx configuration: If not, test your TLS settings.Įnjoy high-performance, lightning-fast servers with increased security and maximum up-time with our Managed VPS Hosting! Disable Older TLS Versions on Nginx Servers If your cPanel server runs Nginx, follow the Nginx section below.Select Rebuild Configuration and Restart Apache.Select the radio button beside “ TLSv1.2 default.” If you wish to support the latest TLS version, TLS 1.3, select the radio button beside the text field and type the following: TLSv1.2 +TLSv1.3 you’ll likely see text similar to the following: SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1. On the left, select Apache Configuration.Log into WebHost Manager (WHM) as root.To test what TLS versions your Linux web server uses, you can use third party tools such as the Qualys SSL Labs online tool, included in the Mozilla Observatory Header Scanner.īelow we cover how to disable older TLS versions and enable TLS 1.3 on:įollow these steps to harden cPanel-managed servers. This is a quick, but valuable way to harden your Linux server to protect your data and website visitors. However, many web server environments leave the older TLS versions enabled to ensure compatibility for new users. TLS versions 1.0 and 1.1 are now considered insecure with TLS 1.2 being the current standard and TLS 1.3 being the newest version available today.
0 kommentar(er)
