How to Enable TLS 1.3 in Apache on CWP- Control Web Panel Centos 7 Centos 8 EL7 El8

by Sandeep B.

In this tutorial I’ll guide you how you can enable TLSv1.3 in CWP-httpd/Apache (when only Apache webserver installed) I’ve tested this and it seems to be working fine. HTTPS performance has been made faster and safer for every user and every device after you enable the tls 1.3 you’ll notice faster website loading.

Transportation Layer Security (TLS) 1.3 protocol provides unparalleled privacy and performance compared to previous versions of TLS and non-secure HTTP. Performance has a major impact on user experience. TLS 1.3 represents a pivotal turning point for HTTPS performance. Modern mobile networks will routinely add over 100ms of latency to each request. TLS 1.3 makes page load times significantly faster for mobile devices, improving the user experience for your visitors.

This tutorial will enable HTTP/2 and TLSv1.3 automatically if you’re using nginx as proxy or nginx + php-fpm follow this tutorial too :

Step 1

Installing few Dependencies needed for the Apache build :

Installing Autoconf :

cd /usr/local/src
rm -rf autoconf-*
tar zxvf autoconf-latest.tar.gz
cd autoconf-*/
./configure --prefix=/usr
make && make install

Installing Openssl :

cd /usr/local/src
rm -rf  openssl*
yum install libtool zlib-devel -y
tar zxvf openssl-1.1.1k.tar.gz
cd openssl-1.1.1k
./config --prefix=/usr/local/opensslso --openssldir=/usr/local/opensslso zlib shared
make && make install

*Building openssl will take some time

Installing Nghttp2 :

cd /usr/local/src
rm -rf Python-*
tar xvf Python-3.8.8.tgz
cd Python-3.8*/
./configure --enable-optimizations
make altinstall
cd /usr/local/src
rm -rf nghttp2-*
yum install libtool -y
tar zxvf nghttp2-1.43.0.tar.gz
cd nghttp2-*/
./configure --prefix=/usr PKG_CONFIG_PATH=/usr/local/opensslso/lib/pkgconfig
make && make install

Step 2 :

Building Apache el7/Centos7 :

cd /usr/local/src
rm -rf /usr/local/src/apache*
wget --no-cache
chmod 755

Building Apache el8/Centos8 :

cd /usr/local/src
rm -rf /usr/local/src/apache*
wget --no-cache
chmod 755

**This Apache script will enable HTTP/2 and TLSv1.3 automatically and installs latest version of apache.

Troubleshoot :

if you rebuilded webserver and TLS 1.3 is stopped working run this two commands to get the TLS 1.3 back again (when using apache only webserver)

sed -i 's/All -SSLv2 -SSLv3/-All +TLSv1.2 +TLSv1.3 /g' /usr/local/apache/conf.d/ssl.conf
systemctl restart httpd

Checking TLSv1.3 and http2:

Thsts it you’re done to check TLSv1.3 is working or not check this via the online checker, ensure you’ve ssl installed for the domain you’re checking :

GO to this link and enter the url to check TSL 1.3 protocol :

GO to this link and enter the url to check the http2 :

You’ll se below like result :

for TLS 1.3 check :

For http2 test :

If this post helps you in any way please consider a donation

Donate with PayPal :


You may also like

Leave a Comment