How do I change the TLS version?
How to change TLS version for new sites
To create a site with an up-to-date version TLS version, add the corresponding parameter SSLSecureProtocols with the set value to the ispmgr.conf configuration file via the server terminal.
For example, to use TLSv1.2 and TLSv1.3 for sites (on OS with OpenSSL version 1.1.1 or higher) add to:
/usr/local/mgr5/etc/ispmgr.confthe parameter with the following value:
SSLSecureProtocols TLSv1.2 TLSv1.3And reboot the panel using the command below:
/usr/local/mgr5/sbin/mgrctl -m ispmgr -RAfter that, Nginx and Apache configuration files of the sites will be created with the specified TLS versions.
Changing the TLS version for the existing site
To access the site using the required protocol, edit the configuration file through the server terminal or via the panel interface under the server administrator account.
To change using the server terminal:
For example, to use only TLSv1.2 and TLSv1.3 (if supported in OpenSSL), add to:
Nginx
/etc/nginx/vhosts/<user>/<domain.com>.conf
Apache
CentOS - /etc/httpd/conf/vhosts/<user>/<domain.com>.conf
Debian-based - /etc/apache2/vhosts/<user>/<domain.com>.conf
where
<user> - your user
<domain.com> - your domainthe parameter with the following value:
ssl_protocols TLSv1.2 TLSv1.3;And reboot the web-server using the command below:
service nginx restart
service apache2 restart (Debian-based OS)
service httpd restart (Centos-based OS)To change via the panel interface:
- In the Main menu choose Sites.
- Select the needed site and click Configuration files.
- In the form that opens, find the server section of the nginx configuration file and add the necessary changes in the
ssl_protocolsparameter.
- Click Save.