Ispmanager 6 lite, pro, host documentation

How do I change the TLS version?

How to change TLS version for new sites

To create a site with an up-to-date version TLS version, add the corresponding parameter SSLSecureProtocols with the set value to the ispmgr.conf configuration file via the server terminal.

For example, to use  TLSv1.2 and TLSv1.3 for sites (on OS with OpenSSL version 1.1.1 or higher) add to:


the parameter with the following value:

SSLSecureProtocols  TLSv1.2 TLSv1.3
All specified TLS versions will be used.

And reboot the panel using the command below:

/usr/local/mgr5/sbin/mgrctl -m ispmgr -R

After that, Nginx and Apache configuration files of the sites will be created with the specified TLS versions.

Changing the TLS version for the existing site

To access the site using the required protocol, edit the configuration file through the server terminal or via the panel interface under the server administrator account.

You cannot disable the outdated TLS for a specific site. You must disable it for the entire server. Disabling occurs when you change the TLS value of all sites on the server in the configuration files.

To change using the server terminal:

For example, to use only TLSv1.2 and TLSv1.3 (if supported in OpenSSL), add to:


CentOS - /etc/httpd/conf/vhosts/<user>/<>.conf
Debian-based - /etc/apache2/vhosts/<user>/<>.conf

<user> - your user
<> - your domain

the parameter with the following value:

ssl_protocols  TLSv1.2 TLSv1.3;

And reboot the web-server using the command below:

service nginx restart
service apache2 restart (Debian-based OS)
service httpd restart (Centos-based OS)

To change via the panel interface:

  1. In the Main menu choose Sites.
  2. Select the needed site and click Configuration files.
  3. In the form that opens, find the server section of the nginx configuration file and add the necessary changes in the ssl_protocols parameter.
  4. Click Save.
If you disable the old TLS, devices with outdated browsers will not be able to open your sites.