How do I change the TLS version?
How to change TLS version for new sites
To create sites with an up-to-date TLS version, add the SSLSecureProtocols parameter with the required value to the ispmgrnode.conf configuration file via the server terminal.
For example, to use TLSv1.2 and TLSv1.3 for sites (on an OS with OpenSSL version 1.1.1 or higher), add to:
/usr/local/mgr5/etc/ispmgrnode.conf
the parameter with the following value:
SSLSecureProtocols TLSv1.2 TLSv1.3
All specified TLS versions will be used.
Then restart the panel using the command below:
/usr/local/mgr5/sbin/mgrctl -m ispmgrnode exit
Attention:
Changes to the configuration file, as well as reloading the panel, must be performed on each node with a web role.
Changing the TLS version for an existing site
To access the site using the required protocol, edit the configuration file through the server terminal or via the panel interface under the server administrator account.
Outdated TLS versions cannot be disabled for a specific site; they must be disabled for the entire server. They are disabled once you change the TLS value of all sites on the server in their configuration files.
To change using the server terminal:
For example, to use only TLSv1.2 and TLSv1.3 (if supported in OpenSSL), add to:
Nginx
/etc/nginx/vhosts/<user>/<domain.com>.conf
Apache
CentOS - /etc/httpd/conf/vhosts/<user>/<domain.com>.conf
Debian-based - /etc/apache2/vhosts/<user>/<domain.com>.conf
where
<user> - your user
<domain.com> - your domain
the parameter with the following value:
ssl_protocols TLSv1.2 TLSv1.3;
Then restart the web server using the matching command below:
service nginx restart
service apache2 restart (Debian-based OS)
service httpd restart (CentOS-based OS)
Attention:
Changes to the configuration file, as well as reloading the panel, should be performed on each node with a web role. Old TLS versions should also be disabled in the
/etc/nginx/nginx.conf
file via the console or the file manager, after which Nginx must be restarted from the console with the command
service nginx restart
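Because old TLS is only disabled once every site and /etc/nginx/nginx.conf have been changed, it helps to scan for directives that were missed. The following is an added example, not part of the original documentation or of ISPmanager: it reports Nginx ssl_protocols directives that still enable anything older than TLSv1.2. The function name find_legacy_tls and the sample user and domains are made up for illustration, and only the Nginx ssl_protocols syntax shown above is checked.

```shell
#!/bin/sh
# Added example (not ISPmanager code): report nginx ssl_protocols directives
# that still enable a protocol older than TLSv1.2.

# Usage: find_legacy_tls PATH...   (files or directories, searched recursively)
# Prints one line per offending directive: file:line: legacy protocols found
find_legacy_tls() {
    find "$@" -type f -name '*.conf' -exec awk '
        { sub(/#.*/, "") }                 # drop comments, whole-line or trailing
        $1 == "ssl_protocols" {
            legacy = ""
            for (i = 2; i <= NF; i++) {
                p = $i
                sub(/;$/, "", p)           # last value carries the closing ";"
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    legacy = legacy " " p
            }
            if (legacy != "")
                printf "%s:%d:%s\n", FILENAME, FNR, legacy
        }' {} +
}

# Constructed sample tree mirroring /etc/nginx/vhosts/<user>/<domain.com>.conf
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/vhosts/alice"
printf 'server {\n  listen 443 ssl;\n  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n}\n' \
    > "$demo_dir/vhosts/alice/old.example.conf"
printf 'server {\n  listen 443 ssl;\n  ssl_protocols TLSv1.2 TLSv1.3; # TLSv1 removed\n}\n' \
    > "$demo_dir/vhosts/alice/new.example.conf"

# Only old.example.conf is reported; the trailing comment in new.example.conf is ignored.
find_legacy_tls "$demo_dir/vhosts"
rm -rf "$demo_dir"
```

On a server, call it as find_legacy_tls /etc/nginx/nginx.conf /etc/nginx/vhosts; no output means none of the scanned directives lists an old protocol.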
To change via the panel interface:
- In the Main menu choose Domains.
- In the drop-down menu select WWW-domains.
- Select the needed site and click Configuration files.
- In the form that opens, find the server section of the nginx configuration file and add the necessary changes in the ssl_protocols parameter.
- Click Save.
Attention:
If you disable the old TLS, devices with outdated browsers will not be able to open your sites.