TLS Changes in Version 68

In order to further our general goal of making cPanel & WHM as secure as possible out of the box, beginning with version 68 new installs will default to TLS 1.2, with TLS 1.1 and TLS 1.0 being disabled. You will be able to manually enable them if you need to after the install, but we’re defaulting to a more secure environment. Servers that have upgraded to version 68 will retain the existing settings until systems administrators change over to the new, more secure setting.

What is TLS?

The Transport Layer Security (TLS) protocol allows parties to communicate securely over a computer network. TLS ensures that the connection between a client and server remains private through encryption and, in some cases, public authentication. Over time, TLS (and its predecessor, SSL) has been updated to make sure your web browser is talking securely to the site you are browsing and that the website is who it says it is.

Who will be impacted by updating to TLS 1.2?

A large majority of users will see no change; this transition should be seamless for them, as TLS 1.2 is supported by most modern browsers. There are, however, some stubborn old browsers that might run into issues, such as Internet Explorer 10 and below, as well as the Android Browser on KitKat (4.4.4) and below.
More information on browser support for TLS 1.2 is available here: https://caniuse.com/#feat=tls1-2
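
On an upgraded server that still accepts TLS 1.0 and 1.1, one way to see who would be affected before switching to the TLS 1.2-only setting is to audit which protocol each client actually negotiates. The Python below is an added example, not cPanel code; the Apache mod_ssl log format it parses is an assumption and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed Apache mod_ssl request-log format (an assumption, not a cPanel default):
#   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b \"%{User-Agent}i\""
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<ip>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>[^"]*)" (?P<size>\S+) "(?P<agent>[^"]*)"$'
)
# Protocol versions a TLS 1.2-only server refuses to negotiate.
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
[10/Oct/2017:09:14:02 +0000] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET / HTTP/1.1" 5120 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/61.0"
[10/Oct/2017:09:14:09 +0000] 192.0.2.44 TLSv1 AES128-SHA "GET /webmail HTTP/1.1" 2048 "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1)"
[10/Oct/2017:09:15:31 +0000] 198.51.100.7 TLSv1.1 AES256-SHA "GET / HTTP/1.1" 5120 "Mozilla/5.0 (Linux; U; Android 4.1.2) Mobile Safari/534.30"
[10/Oct/2017:09:16:00 +0000] 203.0.113.5 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "POST /login HTTP/1.1" 310 "Mozilla/5.0 (X11; Linux x86_64) Firefox/56.0"
[10/Oct/2017:09:16:12 +0000] 192.0.2.10 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /style.css HTTP/1.1" 880 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/61.0"
[10/Oct/2017:09:16:40 +0000] 203.0.113.9 - - "GET / HTTP/1.1" 5120 "curl/7.55.1"
this line is truncated and will not parse
"""

def audit(log_text):
    """Return (requests per protocol, {legacy client IP: user agents}, unparsed lines)."""
    counts, legacy_clients, unparsed = Counter(), defaultdict(set), []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)      # keep malformed lines visible, never drop silently
            continue
        if m["proto"] == "-":          # plain-HTTP request: no TLS session to classify
            continue
        counts[m["proto"]] += 1
        if m["proto"] in LEGACY:
            legacy_clients[m["ip"]].add(m["agent"])
    return counts, dict(legacy_clients), unparsed

def legacy_share(counts):
    """Fraction of TLS requests that used a protocol older than TLS 1.2."""
    total = sum(counts.values())
    return sum(n for p, n in counts.items() if p in LEGACY) / total if total else 0.0

if __name__ == "__main__":
    counts, legacy_clients, unparsed = audit(SAMPLE_LOG)
    print("requests per protocol:", dict(counts))
    print(f"legacy share: {legacy_share(counts):.0%}")
    for ip, agents in sorted(legacy_clients.items()):
        print(f"would be cut off: {ip} {sorted(agents)}")
    print("unparsed lines:", len(unparsed))
```

The clients it lists are the ones that would see the generic connection error once TLS 1.0 and 1.1 are disabled.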

What will happen if I try to access the server with these old browsers?

If someone tries to access a TLS 1.2 server with an outdated browser, or with security settings that limit them to TLS 1.0 or 1.1, they may receive a generic “unable to connect” error that varies by browser. Internet Explorer will state “Internet Explorer cannot display the webpage” without much information to help the user dig deeper.

How do I manually re-enable TLS 1.1 and 1.0?

We don’t recommend falling back to TLS 1.0 and 1.1. We understand that some users may need to do so, however, and options are available with some modifications required. From version 68, using TLS 1.1 and 1.0 will require additional cipher suite changes. Information on adjusting your cipher suites is available on our cPanel Knowledge Base: How to Adjust Cipher Protocols

How will this work in the future?

While we can’t predict the exact future of web security, we’re already seeing the adoption of TLS 1.3 support by some browsers. TLS 1.3 is in draft at the time of writing, and necessary changes to cPanel & WHM are yet to be determined. If we do see that changes to the default settings may be necessary, we’ll let people know and ensure the transition is as painless as possible.

Have ideas for future security changes to cPanel & WHM? Submit a feature request and let us know!


Posted by News Monkey