NickTheGreek
Posted July 3, 2018

Since the Poodle vulnerability (SSLv3), a number of clients have been disabling SSLv3, which on CentOS 5 breaks compatibility with external sites and applications such as WHMCS and PayPal IPN. This is because TLS 1.0 will be the only supported method. To support TLS 1.1 and TLS 1.2, you can follow the steps below to force the use of the newer version of OpenSSL.

First we need to get the latest OpenSSL version (all links provided in this article are the latest at the time of writing):

    wget 'http://www.openssl.org/source/openssl-1.0.1j.tar.gz'
    tar -zxf openssl-1.0.1j.tar.gz
    cd openssl-1.0.1j
    ./config shared -fPIC
    make
    make install

Install latest curl to /usr/local/ssl:

    rm -rf /opt/curlssl
    wget 'http://curl.haxx.se/download/curl-7.38.0.tar.gz'
    tar -zxf curl-7.38.0.tar.gz
    cd curl-7.38.0
    ./configure --prefix=/opt/curlssl --with-ssl=/usr/local/ssl --enable-http --enable-ftp LDFLAGS=-L/usr/local/ssl/lib CPPFLAGS=-I/usr/local/ssl/include
    make
    make install

Now we need to configure EasyApache to use what we've done. We will do this by creating two files:

    cd /var/cpanel/easy/apache/rawopts
    touch all_php5
    touch Apache2_4

Edit all_php5 in your favourite text editor:

    --enable-ssl
    --with-ssl=/usr/local/ssl
    --with-curl=/opt/curlssl
    LDFLAGS=-L/usr/local/ssl/lib
    CPPFLAGS=-I/usr/local/ssl/include

Edit Apache2_4 in your favourite text editor:

    --with-ssl=/usr/local/ssl
    LDFLAGS=-L/usr/local/ssl/lib
    CPPFLAGS=-I/usr/local/ssl/include

Go into WHM, go to EasyApache, and select build from current profile or customise as you require. Once completed you now have TLS 1.2 that will survive upgrades!

For forward secrecy and high encryption ratings, add the following from WHM > Apache Configuration > Include Editor > Pre VirtualHost Include. Choose either all versions or your current version and paste the code below into the box:

    SSLProtocol -SSLv2 -SSLv3 +TLSv1.2 +TLSv1.1 +TLSv1
    SSLCompression off
    SSLHonorCipherOrder on
    SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!NULL:!eNULL:!aNULL:!DSS:-LOW:RSA+RC4+SHA

https://www.gbservers.co.uk/2014/10/19/centos-5-tls-1-2-support-cpanelwhm/
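
An offline check of the two directives above, added here as an example that is not part of the original post: it evaluates the SSLProtocol tokens left to right from an empty set (this example's model of the directive) and lists cipher-string tokens that still admit RC4, DES, MD5, EXPORT or NULL suites. The function names are hypothetical; the directive values are copied from the post.

```shell
#!/bin/sh
# Added example (not from the post): offline audit of the two directives.
# Directive values are copied from the post; function names are hypothetical.
PROTO_LINE='SSLProtocol -SSLv2 -SSLv3 +TLSv1.2 +TLSv1.1 +TLSv1'
CIPHER_LINE='SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!NULL:!eNULL:!aNULL:!DSS:-LOW:RSA+RC4+SHA'

ORDER='SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2'   # reporting order, oldest first

# Evaluate an SSLProtocol line left to right, starting from an empty set:
# "+X" adds X, "-X" removes X, a bare X replaces the set, "all" = every version.
enabled_protocols() {
    cur=' '                                  # space-delimited set of names
    for tok in ${1#SSLProtocol}; do
        case $tok in
            +*) act=add; names=${tok#+} ;;
            -*) act=del; names=${tok#-} ;;
            *)  act=set; names=$tok ;;
        esac
        [ "$names" = all ] && names='SSLv3 TLSv1 TLSv1.1 TLSv1.2'
        [ "$act" = set ] && cur=' '
        for n in $names; do
            # Drop n if already present, then re-append unless removing.
            case $cur in *" $n "*) cur="${cur%% $n *} ${cur#* $n }" ;; esac
            [ "$act" = del ] || cur="$cur$n "
        done
    done
    out=''
    for n in $ORDER; do
        case $cur in *" $n "*) out="$out $n" ;; esac
    done
    printf '%s\n' "${out# }"
}

# Print cipher-string tokens that are not exclusions ("!" or "-" prefix)
# and name RC4, MD5, DES, EXPORT or NULL suites.
weak_cipher_tokens() {
    out=''
    old_ifs=$IFS; IFS=':'
    for tok in ${1#SSLCipherSuite }; do
        case $tok in
            '!'*|-*) ;;                      # exclusions need no review
            *RC4*|*MD5*|*DES*|*EXP*|*NULL*) out="$out $tok" ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "${out# }"
}

echo "protocols enabled: $(enabled_protocols "$PROTO_LINE")"
echo "tokens to review:  $(weak_cipher_tokens "$CIPHER_LINE")"
```
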