1. anton_latvia

    SMTP TLS v1 issue

    We have installed new server and starting customer migration. And the following problem arise - some PHP scripts, that are using SMTP and TLS to connect to server - are not able to do it anymore. In the exim_mainlog I see these related messages: <code> 2023-10-26 14:59:08 SMTP connection from...
  2. B

    SOLVED Extremely long "blocked" and "TLS setup" timings until I restart Apache?

    Hi, I would like to know if you guys have any pointers or ideas for what to check as I'm facing a new issue that I've never experienced before and it's been quite constant now for almost 2 days straight. I'm experiencing extremely long blocked and TLS setup timings until I restart Apache...
  3. A

    SMTP Port 465 works for Outlook but not iPhone. Also Outlook wont connect using TLS.

    When I configure mail on an iPhone it defaults to SMTP Port 587. This works. I go back in and change the SMTP Port to 465 but it will just spin and spin trying to verify the settings but never resolves. I am able to configure a new mailbox in Outlook using SMTP Port 465 just fine. Although...
  4. M

    TLS Version 1.1 Protocol Deprecated in CISA scans.

    I'm running cent os 7.9 with whm and using litespeed server. where do I change this setting to disable older tls? all online documentation is not helping me find the real setting. Home / Service Configuration / Apache Configuration / Global Configuration all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1...
  5. T

    how to use dhparam 4096

    Cpanel's default support for secure parameters for Diffie-Hellman key exchange is not optimal, and even considered insufficient by some official organisations. See for example : IT Security Guidelines for Transport Layer Security (TLS) That's why I want to increase them. This is what I've...
  6. amstel

    SSL/TLS: Renegotiation DoS Vulnerability

    Hi, I have been running a security scan on one of my website. A scanner has found that issue: SSL/TLS: Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094) Summary The remote SSL/TLS service is prone to a denial of service (DoS) vulnerability. Insight The flaw exists because the...
  7. A

    MySql TLS version wannings

    Hello, MySql server is showing following wannings. A deprecated TLS version TLSv1 is enabled. Please use TLSv1.2 or higher. CA certificate ca.pem is self signed. I checked for updates and it is stating mysqld 5.7.40 and saying all packages are updated. Please help me fix this issue...
  8. M

    WHM: How to solve SMTP lacking PTR record or record not same as SMTP Banner and also SMTP doesn't support TLS

    I have over the years had persistent issues with TLS and, separately, rDNS PTR records. With some work some years ago (pre-covid!) this was resolved and everything was hunky dory. Now, for some reason, the issue has returned according to which states that for every domain on one...
  9. rivermobster

    Best TLS Settings in WHM

    Does this look like something I should actually do? Paste these three lines in the editor, then click on Update: Header set Strict-Transport-Security "max-age=31536000" env=HTTPS Header always set X-XSS-Protection "1...
  10. O

    Received certificate chain could not be verified

    Hello, for some reason i began receive this error when i try ftp connection. I haven't touched the FTP settings for many months so I think some update may have caused this. Has anyone gone through this? If yes, how to solve? Best regards.
  11. H

    Let's Encrypt - Certificate not working

    Hi. i am using Let's Encrypt for my server and for some reason some clients are complaining about non working tls sertificate and https not working on my site. Any ideas on how to dig further where to find the problem? Chrome on android said (acording to the customer) ...
  12. cPAdminsMichael

    Enforce/require TLS

    Hi guys, Now my time for a question :) I got a good question from a client. According to the "new" GDPR policy in EU, companies are obligated to enforce TLS1.2 in all mail communication that includes PII from client to destination mailserver. cPanel by default require TLS1.2 for...
  13. V

    SOLVED incoming mail tls error connection

    Hello When mail is sent to our server from a service provider, mails do not reach, we see a tls error when we look at the exim_mainlog. We activated TLS 1.0 and 1.1 for trial purposes, but there was no solution. There is no blocking between the 2 servers. 2021-08-16 09:18:13 TLS error on...
  14. C

    Possible Bug: TLS 1.3 not available with NGINX

    An online security checking website finds that my VPS site supports TLS 1.2, but not TLS 1.3. When I pull up my site's home page in Firefox, click on the lock icon, click on "Connection Secure", then on "More Information", under "Technical Details" it does indeed show encryption with TLS 1.2...
  15. mlopez

    SOLVED Default TLS version for mail server

    I would like to know the default (or the available) TLS version of cPanel (92.0.9). A user is asking me which of the following are acceptable: TLSv1, TLSv1.1, TLSv1.2 or TLSv1.3 Thank you in advance
  16. T

    Need to temporarily enable TLSv1

    I need to enable TLSv1 and TLSv1.1 on our server temporarily, for one of our apps that requires it still, for now. However, cPanel is no longer allowing that the "standard way". Editing the values in httpd.conf do not seem to do anything. How should I proceed? Thanks!
  17. B

    TLS 1.2 Not Enabled in Wordpress

    Hello, I installed the "tls1.2 compatibility test" plugin in Wordpress and it reports that tls 1.2 is disabled and can't curl to " cURL error 6: Could not resolve host: " I did google and read the documentation but can't figure it out. Under Glogbal Apache settings, I set...
  18. L

    unable to disable TLS v1, v1.1

    There are some other threads regarding this issue but they've not helped solve the problem, and most reference older versions of WHM. I'm trying to disable TLS v1 and v1.1 on my WHM/cPanel server, running WHM v90.0.18. I've navigated to Home > Service Configuration > Apache Configuration >...
  19. V

    Apache TLS 1.0 support Cpanel 90 version

    Hi; It seems that apache TLS version 1.0 support has been completely removed in Cpanel 90 version, these directives are no longer accepted when we want to activate TLS 1.0 with global configuration. Those using old browsers still use tls 1.0, how can we get this support back?
  20. P

    SMTP TLS , DMARC Record and some mailing related issues.

    Hey Buddies ! I want to improve my mail delivery , please help me. In MXtoolbox , when I tested my Server's SMTP then it shows some issues - SMTP TLS Warning - Does not support TLS. SMTP Banner Check Reverse DNS does not match SMTP Banner SMTP Transaction Time 15.578 seconds - Not good! on...