Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


DirectAdmin + OpenLiteSpeed & SSL Configuration : Help Needed
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

DirectAdmin + OpenLiteSpeed & SSL Configuration : Help Needed

Mahfuz_SS_EHLMahfuz_SS_EHL Host Rep, Veteran

Hi,

I'm running DirectAdmin Panel with OpenLiteSpeed Web Server.

But for TLS Version & SSLCiphers, there are two references:

https://www.directadmin.com/features.php?id=2442
https://help.directadmin.com/item.php?id=571

I followed the first link & set |?SSLPROTOCOL=24| which disabled TLS v1.1 & v1.2 but I can set specific ciphers. What are the variables / methods to set specific ciphers there & enable OCSP Stapling ?? There are not so many references / tutorials.

Seeking community help.

Thanks.

Comments

  • Thanked by 1ViridWeb
  • Do you mind to check this request with Direct Admin support ?

  • I've confirmed the sslProtocol works via the token override , but for any settings that are not currently controlled by tokens, just add that raw command into the id=2442 guide's related file, as needed. (See the CUSTOM6 token to 'insert' code into the vhssl {} section)

    For any global OLS templates (instead of per-User/pre-Domain), you'd use the CustomBuild templates instead in:

    /usr/local/directadmin/custombuild/configure/openlitespeed/conf/*

    except copy any files you need to modify into:
    /usr/local/directadmin/custombuild/custom/openlitespeed/conf/*

    which get copied overtop of whatever gets installed, so you'd only need the singular files to edit.

    Thanked by 1Shoaib_A
  • Mahfuz_SS_EHLMahfuz_SS_EHL Host Rep, Veteran

    @DA_Mark said:
    I've confirmed the sslProtocol works via the token override , but for any settings that are not currently controlled by tokens, just add that raw command into the id=2442 guide's related file, as needed. (See the CUSTOM6 token to 'insert' code into the vhssl {} section)

    For any global OLS templates (instead of per-User/pre-Domain), you'd use the CustomBuild templates instead in:

    /usr/local/directadmin/custombuild/configure/openlitespeed/conf/*

    except copy any files you need to modify into:
    /usr/local/directadmin/custombuild/custom/openlitespeed/conf/*

    which get copied overtop of whatever gets installed, so you'd only need the singular files to edit.

    I could set ciphers & stapling till now. But I can't set the followings:

    SSLHonorCipherOrder On
    SSLCompression offSSL
    SSLSessionTickets Off

    Because I don't know the keyword of them. LiteSpeed is different than generalized Apache config.

  • If you're trying to insert those3 variables into the "vhssl{}" section of the per-domain template, you could insert it into the CUSTOM6 token by creating:
    /usr/local/directadmin/data/templates/custom/openlitespeed_vhost.conf.CUSTOM.6.pre

    with code:
    SSLHonorCipherOrder On
    SSLCompression Off
    SSLSessionTickets Off

    Then rewrite the configs:
    cd /usr/local/directadmin/custombuild
    ./build rewrite_confs

    If you have issues, please create a ticket, and one of our techs can assist you there.

Sign In or Register to comment.