SSLCipherSuite and security

**Julien PHAM** · 07-13-2009 08:19 AM

Hi,

I have installed the CSF Firewall. When I do a check it says that :

Cipher list []. Due to weaknesses in the SSLv2 cipher you should disable SSLv2 in WHM > Apache Configuration > Global Configuration > SSLCipherSuite > Add -SSLv2 to SSLCipherSuite and/or remove +SSLv2. Do not forget to Save AND then Rebuild Configuration and Restart Apache, otherwise the changes will not take effect in httpd.conf

What I do not understand is that when I go to the link provided to apache global configuration, the SSLCipherSuite line looks like this :

ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

And according to what is written below, this is the default.

So my SSLv2 is already disabled.

So why CSF continues to say I should disable it?

Thanks

**cPanelDavidG** · 07-13-2009 11:57 AM

Originally Posted by Julien PHAM

...

So why CSF continues to say I should disable it?

Thanks

You may want to ask the ConfigServer folks yourself: ConfigServer Services

LinkBack

Thread Tools

SSLCipherSuite and security

Check Apache weak SSL/TLS Ciphers (SSLCipherSuite)

Simple security question about mod-security rule sets.

Security A Security hole has been discovered in the cPanel's suexec/mod_php handlers.