In order to further our general goal of making cPanel & WHM as secure as possible out of the box, beginning with version 68 new installs will default to TLS 1.2, with TLS 1.1 and TLS 1.0 being disabled. You will be able to manually enable them if you need to after the install, but we’re defaulting to a more secure environment. Servers that have upgraded to version 68 will retain the existing settings until systems administrators change over to the new, more secure setting.

What is TLS?

The Transport Layer Security (TLS) protocol allows parties to communicate securely over a computer network. TLS ensures that the connection between a client and server remains private through encryption and, in some cases, public authentication. Over time, TLS (and its predecessor, SSL) has been updated to make sure your web browser is talking securely to the site you are browsing and making sure that website is who it says who it is.

Who will be impacted by updating to TLS 1.2?

A large majority of users will see no change; this transition should be seamless for them, as TLS 1.2 is supported by most modern browsers. There are, however, some stubborn old browsers that might run into issues, such as Internet Explorer 10 and below, as well as the Android Browser on KitKat (4.4.4) and below.
More information on browser support for TLS 1.2 is available here: https://caniuse.com/#feat=tls1-2

What will happen if I try to access the server with these old browsers?

If someone tries to access a TLS 1.2 server with an outdated browser or has security settings that limit them to 1.0 or 1.1, they may receive a generic “unable to connect” error that varies by browser. Internet Explorer will state “Internet Explorer cannot display the webpage” without much information to help the user dig deeper.

How do I manually re-enable TLS 1.1 and 1.0?

We don’t recommend falling back to TLS 1.0 and 1.1. We understand some users may need to do so, so there are options available with some modifications required. From version 68, using TLS 1.1 and 1.0 will require additional cipher suite changes. Information on adjusting your cipher suites is available on our cPanel Knowledge Base: How to Adjust Cipher Protocols

How will this work in the future?

While we can’t predict the exact future of web security, we’re already seeing the adoption of TLS 1.3 support by some browsers. TLS 1.3 is in draft at the time of writing, and necessary changes to cPanel & WHM are yet to be determined. If we do see changes may be necessary to the default settings, we’ll let people know and ensure the transition is as painless as possible.

Have ideas for future security changes to cPanel & WHM? Submit a feature request and let us know!

Facebook Comments

More Stuff

Let’s Talk AutoSSL- The Updates! One of the more popular topics talked about amongst the cPanel Community is AutoSSL, a tool that automatically installs domain-validated SSL cert...
Brace Yourselves, NGINX is Coming Arguably, one of the most requested and popular feature requests submitted for cPanel & WHM has been the addition of the NGINX web serve...
Force HTTPS Redirection We’ve talked about SSL (secure socket layer) certificates both on the cPanel blog and at the 2018 cPanel Conference in Houston, Tx as well as many oth...
We Came, We Saw, We cPanel’d Outside the main entrance of CloudFest 2019- The .COM Dome Another CloudFest Conference is in the books for the cPanel Team! This year we attended t...
Spread the love

Posted by News Monkey