The set-tls-settings Script

Overview

The /usr/local/cpanel/bin/set-tls-settings script configures a server's Secure Sockets Layer (SSL) and Transport Layer Security (TLS) cipher suites and protocols for the following services:

  • Web Disk (cpdavd).
  • The cPanel server (cpsrvd).
  • The Dovecot® mail server (dovecot).
  • Exim configuration settings (exim).

For more information about these services, read our Service Manager documentation.

Run the /usr/local/cpanel/bin/set-tls-settings script

To run the /usr/local/cpanel/bin/set-tls-settings script on the command line, use the following format:

/usr/local/cpanel/bin/set-tls-settings [options]

Options

This script accepts the following options:

Option: --if-missing
Description: Configure the SSL/TLS protocols if they do not currently exist on the server.
Example: --if-missing

Option: --cipher-suites
Description: A standard OpenSSL cipher suite string.
Note: For more information about cipher suites available to OpenSSL, read OpenSSL's Ciphers documentation.
Example:
--cipher-suites=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

Option: --protocols
Description: A colon-separated list of SSL/TLS protocols. This option accepts the following protocols:

  • SSLv2
  • SSLv3
  • TLSv1
  • TLSv1.1
  • TLSv1.2

Example: --protocols=SSLv3:TLSv1.2

Option: service
Description: The service for which to set SSL/TLS protocols. This option accepts the following services:

  • cpdavd
  • cpsrvd
  • dovecot
  • exim

Important: Pass the --all option to set the SSL/TLS protocols for all of this option's services.
Example: dovecot

Option: --restart
Description: Restart the specified services to apply the changes. If you do not pass this option, the script sets the configuration parameters and rebuilds the configuration files. Changes to the services may not display until after a restart.
Note:

  • This option requires you to pass a service option.
  • This option restarts all services when you pass the service option's --all option.

Example: --restart

Option: --verbose
Description: Run the script in verbose mode.
Example: --verbose
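
A dry-run pre-flight check for the options above, added here as an example and not part of cPanel's documentation or tooling: it validates a --protocols value and a service name against the lists on this page and prints the resulting command instead of running it. The function names, the legacy-protocol policy and the placement of options before the service name are assumptions.

```bash
#!/bin/sh
# Added example: dry-run pre-flight check for set-tls-settings arguments.
SET_TLS=/usr/local/cpanel/bin/set-tls-settings       # script path from this page
KNOWN_PROTOCOLS="SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2"  # values the page lists
KNOWN_SERVICES="cpdavd cpsrvd dovecot exim --all"    # services the page lists
# Assumed policy (not cPanel's): SSLv2 (RFC 6176), SSLv3 (RFC 7568) and
# TLSv1/TLSv1.1 (RFC 8996) are deprecated, so only TLSv1.2 passes cleanly.
LEGACY_PROTOCOLS="SSLv2 SSLv3 TLSv1 TLSv1.1"

# in_list WORD "space separated list": status 0 if WORD is in the list.
in_list() {
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# check_protocols LIST: 0 = ok, 1 = malformed or unknown, 2 = legacy present.
check_protocols() {
    case "$1" in
        ""|:*|*:|*::*|*[!A-Za-z0-9.:]*)
            echo "malformed protocol list: '$1'" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs   # split on colons
    rc=0
    for p in "$@"; do
        in_list "$p" "$KNOWN_PROTOCOLS" || { echo "unknown protocol: $p" >&2; return 1; }
        in_list "$p" "$LEGACY_PROTOCOLS" && { echo "legacy protocol: $p" >&2; rc=2; }
    done
    return $rc
}

# preflight PROTOCOLS SERVICE: print the command to run, or fail with no stdout.
# Assumption: options are placed before the service name.
preflight() {
    in_list "$2" "$KNOWN_SERVICES" || { echo "unknown service: $2" >&2; return 1; }
    check_protocols "$1" || return $?
    echo "$SET_TLS --protocols=$1 --restart $2"
}

# Demo (nothing is executed): the page's example value, then TLSv1.2 only.
preflight "SSLv3:TLSv1.2" dovecot || echo "refused with status $?"
preflight "TLSv1.2" dovecot
```

Status 2 separates a syntactically valid list that enables a deprecated protocol from a malformed one (status 1), so a deployment script can decide whether to block or only warn.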
