Control Web Panel
WebPanel => CentOS 7 Problems => Topic started by: fysioski on January 09, 2021, 12:39:46 PM
-
Has anyone got the TLSv1.3 version working on CWP7 with CentOS 7? We don't seem to get it working. I hope someone can help us out, as we now only have TLSv1.2. Thanks so much.
Ron Cooper
-
I have the same problem.
I tried to compile nginx with support for tls1.3 but it doesn't work.
I pay for the pro version but we don't even have an answer on the forum.
-
Here is the solution:
https://gist.github.com/lesstif/a332456a4a6fecdf50f2ccbfe4a02727
I tested with CWP on a virtual machine and CWP's nginx kept working.
-
Has anyone got the TLSv1.3 version working on CWP7 with CentOS 7? We don't seem to get it working. I hope someone can help us out, as we now only have TLSv1.2. Thanks so much.
Ron Cooper
I have TLS 1.2 & 1.3 working with CWP on CentOS 8 using Apache. Don't know about Nginx.
Sandeep wrote a nice tutorial at: https://www.mysterydata.com/get-a-score-rating-with-ssllabs-qualys-in-cwp-control-web-panel/
I edited /usr/local/apache/conf.d/ssl.conf
to contain just the following, and then SSLLabs will give you an A+:
<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
Listen 443
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLHonorCipherOrder On
SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
SSLCipherSuite SSL ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384
SSLCompression Off
SSLSessionTickets Off
-
Any chance to get official support for TLS1.3 for Centos7 CWP?
-
Confirmed works perfect with CWP centos 7 and OpenSSL 1.1.1h
Here is the solution:
https://gist.github.com/lesstif/a332456a4a6fecdf50f2ccbfe4a02727
nginx -V
nginx version: nginx/1.19.6
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
built with OpenSSL 1.1.1h 22 Sep 2020
TLS SNI support enabled
Instructions:
Download all files from https://gist.github.com/lesstif/a332456a4a6fecdf50f2ccbfe4a02727
Upload them to the server and set the execute permission: chmod +x openssl-1.1-compile.sh
Execute with: ./openssl-1.1-compile.sh
Execute: sudo systemctl reload
And all works perfectly!
-
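Added example, not part of any post in this thread: a shell check of what the `nginx -V` output above demonstrates, namely that nginx can only offer TLS 1.3 when it uses OpenSSL 1.1.1 or newer. The function names and the second sample are constructed for illustration; `server_negotiates_tls13` is a live check and assumes the local `openssl` client is itself 1.1.1 or newer.

```shell
#!/bin/sh
# Added example, not from the thread. Function and variable names are illustrative.

# Read `nginx -V` text on stdin and print the OpenSSL version nginx uses.
# If nginx reports "(running with OpenSSL ...)", that loaded version wins.
nginx_openssl_version() {
    sed -n -e 's/.*running with OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p' \
           -e 's/^built with OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p' | head -n 1
}

# TLS 1.3 first shipped in OpenSSL 1.1.1: succeed if $1 is that or newer.
openssl_has_tls13() {
    _v=${1%%[a-z]*}                 # 1.1.1h -> 1.1.1, 1.0.2k -> 1.0.2
    IFS=. read -r _maj _min _pat <<EOF
$_v
EOF
    [ -n "$_maj" ] || return 1
    [ "$_maj" -gt 1 ] && return 0
    [ "$_maj" -eq 1 ] || return 1
    [ "${_min:-0}" -gt 1 ] && return 0
    [ "${_min:-0}" -eq 1 ] && [ "${_pat:-0}" -ge 1 ]
}

# Live check: offer only TLS 1.3 and see if the handshake completes.
# The local openssl client must itself be 1.1.1+ to accept -tls1_3.
server_negotiates_tls13() {
    openssl s_client -tls1_3 -connect "$1:${2:-443}" -servername "$1" \
        </dev/null 2>/dev/null | grep -q 'New, TLSv1\.3'
}

# The build line quoted in the thread, and a constructed one for a build
# against OpenSSL 1.0.2k, the version CentOS 7 itself ships.
SAMPLE_REBUILT='nginx version: nginx/1.19.6
built with OpenSSL 1.1.1h 22 Sep 2020
TLS SNI support enabled'
SAMPLE_STOCK='nginx version: nginx/1.19.6
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled'

# On a server: nginx -V 2>&1 | nginx_openssl_version   (-V prints to stderr)
for sample in "$SAMPLE_REBUILT" "$SAMPLE_STOCK"; do
    ver=$(printf '%s\n' "$sample" | nginx_openssl_version)
    if openssl_has_tls13 "$ver"; then
        echo "OpenSSL $ver: TLS 1.3 can be offered"
    else
        echo "OpenSSL $ver: TLS 1.2 at most"
    fi
done
```
-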
Here are the tutorials for TLS 1.3:
https://www.mysterydata.com/how-to-enable-tls-1-3-in-apache-on-cwp-control-web-panel-centos-7-centos-8-el7-el8/
https://www.mysterydata.com/how-to-enable-tls-1-3-in-nginx-cwp-centos-7-centos-8-el7-el8/
-
Thanks,
I tried the one for nginx on a test VM CWP. It worked for my main domain accounts, but I could not add any new certificates for my addon domains etc. I always get an error popup from acme.sh.
Is it working for you, or do I need to change anything else? I did it exactly like you did it in your tutorial.
As it was just my test VM it is not a big problem, but I can't do it on my productive system till I know what's up here.
thanks
-
What is the full error? Check /root/.acme.sh/acme.sh.log; it's not an issue with nginx.
-
What is the full error? Check /root/.acme.sh/acme.sh.log; it's not an issue with nginx.
Sandeep
I tried https://www.mysterydata.com/how-to-enable-tls-1-3-in-apache-on-cwp-control-web-panel-centos-7-centos-8-el7-el8/
Gave an error on Line 551, which is /usr/local/apache/conf.d/
Attempted 2 times. Both failed.
Server is running Apache Only.
Also when the server was rebooted, it seemed like any service tied to openssl failed, SSH, web, etc.
-
Try this:
mv /usr/local/apache/conf.d/mod_security.conf /usr/local/apache/conf.d/mod_security.conf.bak
systemctl restart httpd
This will disable mod security, as for some reason modsec is not working.
You can do only the nginx config to get TLS 1.3 if you want to use mod security.
-
Okay, I've fixed the Apache script; rerun step 2.
-
@Sandeep Left a message on your mysterydata forum.
One of the steps fails, due to an update of one of the software from 1.42 to 1.43
-
You need to use version 1.42, and don't update it, as the new version needs newer software.
-
You need to use version 1.42, and don't update it, as the new version needs newer software.
Thanks for updating the script, will give it another try tonight.
-
Still didn't work. :/