I do want to note that newer cPanel builds are being provisioned with TLS 1.2 enabled and TLS 1.0 and 1.1 disabled!
This can cause older Outlook Clients to not respond properly and/or connect properly to cPanel servers due to Outlook 2007, 2011, 2013 relying on TLS 1.0 still.
Outlook 2016 has TLS 1.2 built-in but requires manual enabling as it defaults to TLS 1.0.
Why Microsoft has done this is because Microsoft Exchange Servers still use TLS 1.0 by default (professional and on-location services).
Just a heads up if you try to configure and it doesn't work.
cPanel ciphers for exim/dovecot will need to be adjusted.