Valid for versions 82 through the latest version
Last modified: July 28, 2022
Overview
The /usr/local/cpanel/bin/set-tls-settings
script configures a servers Secure Socket Layer (SSL) and Transport Layer Security (TLS) cipher suites and protocols for the following services:
-
Web Disk (
cpdavd
). -
The cPanel server (
cpsrvd
). -
The Dovecot mail server (
dovecot
). -
Exim configuration settings (
exim
).
For more information about these services, read our Service Manager documentation.
Run the script
To run the /usr/local/cpanel/bin/set-tls-settings
script on the command line, use the following format:
/usr/local/cpanel/bin/set-tls-settings [options]
Options
This script accepts the following options:
Option | Description | Example |
---|---|---|
--if-missing |
Configure the SSL/TLS protocols if they do not currently exist on the server. | --if-missing |
--cipher-suites |
A standard OpenSSL cipher suite string.
Note:
For more information about cipher suites available to OpenSSL, read OpenSSLs Ciphers documentation.
|
|
--protocols |
A colon-separated list of SSL/TLS protocols. This option accepts the following protocols:
|
--protocols=SSLv3:TLSv1.2 |
service |
The service for which to set SSL/TLS protocols. This option accepts the following services:
Important:
Pass the
--all option to set the SSL/TLS protocols for all of this options services. |
dovecot |
--restart |
Restart the specified services to apply the changes. If you do not pass this option, the script sets the configuration parameters and rebuilds the configuration files. Changes to the services may not display until after a restart.
Note:
|
--restart |
--verbose |
Run the script in verbose mode. | --verbose |