How to enable TLS 1.3 on cPanel

TLS 1.3 is a new encryption protocol and is the succesor of TLS version 1.2

TLS version 1.2 is still in used along with version 1.3. TLS version 1.0 and 1.1 have been deprecated in 2020.

This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.

RFC 8446

How to enable TLS 1.3 on cPanel/WHM web hosting servers:

1. Connect as root to your WHM installation

2. Navigate to Home-> Service Configuration -> Apache Configuration -> Global Configuration

tls13 1

3. Here, look for the SSL/TLS Protocols field and enter:

ALL -SSLv3 -TLSv1 -TLSv1.1

4. Click the Save button at the bottom of the page

5. Click the Rebuild Configuration and Restart Apache button to apply the TLS changes. cPanel will rebuild the Apache configuration and restart it.

tls13 2

To test the enabled protocols use the SSL tool from https://www.ssllabs.com/ssltest/ The TLS status prior to enabling TLS version 1.3:

tls13 no
TLS 1.3 not enabled

The TLS status after enabling TLS version 1.3. As you can see, now both TLS 1.2 and 1.3 are enabled on the server:

tls13 yes
TLS 1.3 enabled

Resources:

TLS Wikipedia
TLS 1.3 RFC Standard

Related Articles:

How to test SSL certificates

Leave a Reply