The set-tls-settings Script
Valid for versions 82 through the latest version
Version:
82
Last modified: July 28, 2022
Overview
The /usr/local/cpanel/bin/set-tls-settings script configures a server’s Secure Socket Layer (SSL) and Transport Layer Security (TLS) cipher suites and protocols for the following services:
-
Web Disk (
cpdavd). -
The cPanel server (
cpsrvd). -
The Dovecot mail server (
dovecot). -
Exim configuration settings (
exim).
For more information about these services, read our Service Manager documentation.
Run the script
To run the /usr/local/cpanel/bin/set-tls-settings script on the command line, use the following format:
/usr/local/cpanel/bin/set-tls-settings [options]Options
This script accepts the following options:
| Option | Description | Example |
|---|---|---|
--if-missing |
Configure the SSL/TLS protocols if they do not currently exist on the server. | --if-missing |
--cipher-suites |
A standard OpenSSL cipher suite string.
Note:
For more information about cipher suites available to OpenSSL, read OpenSSL’s Ciphers documentation.
|
Click to view...
|
--protocols |
A colon-separated list of SSL/TLS protocols. This option accepts the following protocols:
|
--protocols=SSLv3:TLSv1.2 |
service |
The service for which to set SSL/TLS protocols. This option accepts the following services:
Important:
Pass the
--all option to set the SSL/TLS protocols for all of this option’s services.
|
dovecot |
--restart |
Restart the specified services to apply the changes. If you do not pass this option, the script sets the configuration parameters and rebuilds the configuration files. Changes to the services may not display until after a restart.
Note:
|
--restart |
--verbose |
Run the script in verbose mode. | --verbose |