TLSv1.3

Does anyone got the TLSv1.3 version on CWP7 with centos 7 working? We dont seem to get it working. I hope someone can help us out as we now only have TLSv1.2. Thanks so much.

Ron Cooper

I have the same problem.
I tried to compile nginx with support for tls1.3 but it doesn't work.
I pay for the pro version but we don't even have an answer on the forum.

here solution:
https://gist.github.com/lesstif/a332456a4a6fecdf50f2ccbfe4a02727


I test with cwp on virtual machine and the nginx of the cwp kept working

Does anyone got the TLSv1.3 version on CWP7 with centos 7 working? We dont seem to get it working. I hope someone can help us out as we now only have TLSv1.2. Thanks so much.

Ron Cooper

I have TLS 1.2 & 1.3 working with CWP on CentOS 8 using Apache. Don't know about Nginx.

Sandeep wrote a nice tutorial at: https://www.mysterydata.com/get-a-score-rating-with-ssllabs-qualys-in-cwp-control-web-panel/

I eddited: /usr/local/apache/conf.d/ssl.conf
with the just following, and then SSLLabs will give you an A+

<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
Listen 443
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLHonorCipherOrder On
SSLCipherSuite    TLSv1.3    TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
SSLCipherSuite    SSL        ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384
SSLCompression Off
SSLSessionTickets Off

Any chance to get official support for TLS1.3 for Centos7 CWP?

Confirmed works perfect with CWP centos 7 and OpenSSL 1.1.1h

here solution:
https://gist.github.com/lesstif/a332456a4a6fecdf50f2ccbfe4a02727


nginx -V
nginx version: nginx/1.19.6
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.1.1h  22 Sep 2020
TLS SNI support enabled


intructions:
download all files from https://gist.github.com/lesstif/a332456a4a6fecdf50f2ccbfe4a02727
up to server and change permission execute: chmod +x openssl-1.1-compile.sh
execute with: ./openssl-1.1-compile.sh

execute: sudo systemctl reload

and all works perfect!

here are the tutorials for tls1.3
https://www.mysterydata.com/how-to-enable-tls-1-3-in-apache-on-cwp-control-web-panel-centos-7-centos-8-el7-el8/
https://www.mysterydata.com/how-to-enable-tls-1-3-in-nginx-cwp-centos-7-centos-8-el7-el8/

Thanks,

I tried the one for nginx an a test VM CWP, it worked for my main domain accounts but i could not add any new certificates for my addon domains etc. i always get an error popup from acme.sh

is it working for you or do i need to change anything else? I did it exactly like you did it in your tutorial.

as it was just my test VM it is not a big problem but i can't do it on my productive system till i know whats up here.

thanks

what is the full error? check the /root/.acme.sh/acme.sh.log its not with nginx issue.

what is the full error? check the /root/.acme.sh/acme.sh.log its not with nginx issue.

Sandeep

I tried https://www.mysterydata.com/how-to-enable-tls-1-3-in-apache-on-cwp-control-web-panel-centos-7-centos-8-el7-el8/

Gave an error on Line 551, which is /usr/local/apache/conf.d/

Attempted 2 times. Both failed.
Server is running Apache Only.

Also when the server was rebooted, it seemed like any service tied to openssl failed, SSH, web, etc.

try this :

Code: [Select]

mv /usr/local/apache/conf.d/mod_security.conf /usr/local/apache/conf.d/mod_security.conf.bak
systemctl restart httpd

this will disable mod security as for some reason modsec is not working.

you can do only nginx config to get tls 1.3 if you want t o use mod security.

okay i've fixed the apache script rerun the step2

@Sandeep Left a message on your mysterydata forum.

One of the steps fails, due to an update of one of the software from 1.42 to 1.43

you need to use version 1.42 and don't update it as new version needs newer software

you need to use version 1.42 and don't update it as new version needs newer software

Thanks for updating the script, will give it another try tonight.