New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
DirectAdmin + OpenLiteSpeed & SSL Configuration : Help Needed
Mahfuz_SS_EHL
Host Rep, Veteran
in Help
Hi,
I'm running DirectAdmin Panel with OpenLiteSpeed Web Server.
But for TLS Version & SSLCiphers, there are two references:
https://www.directadmin.com/features.php?id=2442
https://help.directadmin.com/item.php?id=571
I followed the first link & set |?SSLPROTOCOL=24| which disabled TLS v1.1 & v1.2 but I can set specific ciphers. What are the variables / methods to set specific ciphers there & enable OCSP Stapling ?? There are not so many references / tutorials.
Seeking community help.
Thanks.
Comments
have you checked https://openlitespeed.org/kb/ssl-setup/ ?
Do you mind to check this request with Direct Admin support ?
I've confirmed the sslProtocol works via the token override , but for any settings that are not currently controlled by tokens, just add that raw command into the id=2442 guide's related file, as needed. (See the CUSTOM6 token to 'insert' code into the vhssl {} section)
For any global OLS templates (instead of per-User/pre-Domain), you'd use the CustomBuild templates instead in:
/usr/local/directadmin/custombuild/configure/openlitespeed/conf/*
except copy any files you need to modify into:
/usr/local/directadmin/custombuild/custom/openlitespeed/conf/*
which get copied overtop of whatever gets installed, so you'd only need the singular files to edit.
I could set ciphers & stapling till now. But I can't set the followings:
SSLHonorCipherOrder On
SSLCompression offSSL
SSLSessionTickets Off
Because I don't know the keyword of them. LiteSpeed is different than generalized Apache config.
If you're trying to insert those3 variables into the "vhssl{}" section of the per-domain template, you could insert it into the CUSTOM6 token by creating:
/usr/local/directadmin/data/templates/custom/openlitespeed_vhost.conf.CUSTOM.6.pre
with code:
SSLHonorCipherOrder On
SSLCompression Off
SSLSessionTickets Off
Then rewrite the configs:
cd /usr/local/directadmin/custombuild
./build rewrite_confs
If you have issues, please create a ticket, and one of our techs can assist you there.