Author Topic: TLSv1.3  (Read 9493 times)

0 Members and 1 Guest are viewing this topic.

« on: January 09, 2021, 12:39:46 PM »
Does anyone got the TLSv1.3 version on CWP7 with centos 7 working? We dont seem to get it working. I hope someone can help us out as we now only have TLSv1.2. Thanks so much.

Ron Cooper

Re: TLSv1.3
« Reply #1 on: February 11, 2021, 11:57:55 AM »

I have the same problem.
I tried to compile nginx with support for tls1.3 but it doesn't work.
I pay for the pro version but we don't even have an answer on the forum.

Re: TLSv1.3
« Reply #2 on: February 11, 2021, 03:57:44 PM »
here solution:

I test with cwp on virtual machine and the nginx of the cwp kept working

Re: TLSv1.3
« Reply #3 on: February 12, 2021, 04:05:15 AM »
Does anyone got the TLSv1.3 version on CWP7 with centos 7 working? We dont seem to get it working. I hope someone can help us out as we now only have TLSv1.2. Thanks so much.

Ron Cooper

I have TLS 1.2 & 1.3 working with CWP on CentOS 8 using Apache. Don't know about Nginx.

Sandeep wrote a nice tutorial at:

I eddited: /usr/local/apache/conf.d/ssl.conf
with the just following, and then SSLLabs will give you an A+

<IfModule !ssl_module>
LoadModule ssl_module modules/
Listen 443
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLHonorCipherOrder On
SSLCipherSuite    TLSv1.3    TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
SSLCompression Off
SSLSessionTickets Off

Re: TLSv1.3
« Reply #4 on: March 16, 2021, 09:33:54 PM »
Any chance to get official support for TLS1.3 for Centos7 CWP?

Re: TLSv1.3
« Reply #5 on: March 22, 2021, 07:48:46 PM »
Confirmed works perfect with CWP centos 7 and OpenSSL 1.1.1h

here solution:

nginx -V
nginx version: nginx/1.19.6
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.1.1h  22 Sep 2020
TLS SNI support enabled

download all files from
up to server and change permission execute: chmod +x
execute with: ./

execute: sudo systemctl reload

and all works perfect!
« Last Edit: March 22, 2021, 07:53:29 PM by dinho »

Re: TLSv1.3
« Reply #7 on: April 03, 2021, 11:06:11 AM »

I tried the one for nginx an a test VM CWP, it worked for my main domain accounts but i could not add any new certificates for my addon domains etc. i always get an error popup from

is it working for you or do i need to change anything else? I did it exactly like you did it in your tutorial.

as it was just my test VM it is not a big problem but i can't do it on my productive system till i know whats up here.


Re: TLSv1.3
« Reply #8 on: April 03, 2021, 01:04:21 PM »
what is the full error? check the /root/ its not with nginx issue.

Re: TLSv1.3
« Reply #9 on: April 04, 2021, 06:04:57 AM »
what is the full error? check the /root/ its not with nginx issue.


I tried

Gave an error on Line 551, which is /usr/local/apache/conf.d/

Attempted 2 times. Both failed.
Server is running Apache Only.

Also when the server was rebooted, it seemed like any service tied to openssl failed, SSH, web, etc.

Re: TLSv1.3
« Reply #10 on: April 04, 2021, 02:43:20 PM »
try this :

Code: [Select]
mv /usr/local/apache/conf.d/mod_security.conf /usr/local/apache/conf.d/mod_security.conf.bak
systemctl restart httpd

this will disable mod security as for some reason modsec is not working.

you can do only nginx config to get tls 1.3 if you want t o use mod security.

Re: TLSv1.3
« Reply #11 on: April 04, 2021, 03:10:11 PM »
okay i've fixed the apache script rerun the step2

Re: TLSv1.3
« Reply #12 on: April 10, 2021, 10:53:46 PM »
@Sandeep Left a message on your mysterydata forum.

One of the steps fails, due to an update of one of the software from 1.42 to 1.43

Re: TLSv1.3
« Reply #13 on: April 11, 2021, 02:10:09 AM »
you need to use version 1.42 and don't update it as new version needs newer software

Re: TLSv1.3
« Reply #14 on: April 11, 2021, 07:39:50 PM »
you need to use version 1.42 and don't update it as new version needs newer software

Thanks for updating the script, will give it another try tonight.