The set-tls-settings Script

Valid for versions 82 through the latest version



Last modified: July 28, 2022


The /usr/local/cpanel/bin/set-tls-settings script configures a server’s Secure Socket Layer (SSL) and Transport Layer Security (TLS) cipher suites and protocols for the following services:

  • Web Disk (cpdavd).

  • The cPanel server (cpsrvd).

  • The Dovecot mail server (dovecot).

  • Exim configuration settings (exim).

For more information about these services, read our Service Manager documentation.

Run the script

To run the /usr/local/cpanel/bin/set-tls-settings script on the command line, use the following format:

/usr/local/cpanel/bin/set-tls-settings [options]


This script accepts the following options:

Option Description Example
--if-missing Configure the SSL/TLS protocols if they do not currently exist on the server. --if-missing
--cipher-suites A standard OpenSSL cipher suite string.
For more information about cipher suites available to OpenSSL, read OpenSSL’s Ciphers documentation.


--protocols A colon-separated list of SSL/TLS protocols. This option accepts the following protocols:
  • SSLv2
  • SSLv3
  • TLSv1
  • TLSv1.1
  • TLSv1.2
    service The service for which to set SSL/TLS protocols. This option accepts the following services:
    • cpdavd
    • cpsrvd
    • dovecot
    • exim
    Pass the --all option to set the SSL/TLS protocols for all of this option’s services.
    --restart Restart the specified services to apply the changes. If you do not pass this option, the script sets the configuration parameters and rebuilds the configuration files. Changes to the services may not display until after a restart.
    • This option **requires** you pass a `service` option.
    • This option restarts **all** services when you pass the `service` option's `--all` option.
    --verbose Run the script in verbose mode. --verbose

    Additional Documentation