Since the Poodle vulnerability (SSLv3) a number of clients disabling SSLv3 on CentOS 5 breaks compatibility with external sites and applications such as WHMCS and PayPal IPN. This is because TLS1.0 will be the only supported method.
In order to support the TLS1.1 and TLS1.2 you can follow the steps below to force the use of the newer version of openssl:
First we need to get the latest openssl version (all links provided in this article are the latest at the time of writing)
tar -zxf openssl-1.0.1j.tar.gz
./config shared -fPIC
Install latest curl to /usr/local/ssl
rm -rf /opt/curlssl
tar -zxf curl-7.38.0.tar.gz
./configure --prefix=/opt/curlssl --with-ssl=/usr/local/ssl --enable-http --enable-ftp LDFLAGS=-L/usr/local/ssl/lib CPPFLAGS=-I/usr/local/ssl/include
Now we need to configure EasyApache to use what we’ve done, we will do this by creating two files.
Edit all_php5 in your favourite text editor
Edit Apache2_4 in your favourite text editor
Go into WHM goto EasyApache, Select build from current profile or customise as you require. Once completed you now have TLS 1.2 that will survive upgrades!
For forwarding secrecy and high encryption ratings add the following from WHM > Apache Configuration > Include Editor > Pre VirtualHost Include, choose either all versions or your current version and paste the below code into the box
SSLProtocol -SSLv2 -SSLv3 +TLSv1.2 +TLSv1.1 +TLSv1