Page tree
Skip to end of metadata
Go to start of metadata

For cPanel & WHM version 68

Overview

The /usr/local/cpanel/bin/set-tls-settings script configures a server's Secure Socket Layer (SSL) and Transport Layer Security (TLS) cipher suites and protocols for the following services:

  • Web Disk (cpdavd).
  • The cPanel server (cpsrvd).
  • The Dovecot mail server (dovecot).
  • Exim configuration settings (exim).

For more information about these services, read our Service Manager documentation.

Run the /usr/local/cpanel/bin/set-tls-settings script

To run the /usr/local/cpanel/bin/set-tls-settings script on the command line, use the following format:

/usr/local/cpanel/bin/set-tls-settings [options]

Options

This script accepts the following options:

OptionDescriptionExample
--if-missing

Configure the SSL/TLS protocols if they do not currently exist on the server.

 

--if-missing
--cipher-suites

A standard OpenSSL cipher suite string.

Note:

For more information about cipher suites available to OpenSSL, read OpenSSL's Ciphers documentation.

 Click to view...
--cipher-suites=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
--protocols

A colon-separated list of SSL/TLS protocols.

This option accepts the following protocols:

  • SSLv2
  • SSLv3
  • TLSv1
  • TLSv1.1
  • TLSv1.2
--protocols=SSLv3:TLSv1.2
service

The service for which to set SSL/TLS protocols.

This option accepts the following services:

  • cpdavd
  • cpsrvd
  • dovecot

  • exim

Important:

Pass the --all option to set the SSL/TLS protocols for all of this option's services.

dovecot
--verboseRun the script in verbose mode.--verbose

Additional documentation