I have tried both options and here are the results:
htaccess:
According to the documentation you gave me, this should work. I didn't know about this possibility, but since a .htaccess is the safest way to do a change for a single domain I tried this first. This is what I put in my .htaccess file:
<IfModule mod_ssl.c>
Header set X-CipherTest test
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:!aNULL:!eNULL:!DES:!RC4:!MD5
</IfModule>
Note: this is the default from cPanel minus all the DHE ciphers.
The Header directive is there so I could make sure the config was executed.
What I observed:
- I could see the header when looking at the request in the browser (network tab in the developer toolbar), so the configuration was read and parsed for sure
- In my browser all the pages under the domain worked as before
- ssllabs (SSL Server Test (Powered by Qualys SSL Labs)) didn't report a change in the ciphers though, and worse: it now displayed it didn't get an HTTP response from the server. After commenting out the SSLCipherSuite directive that error went away, so it was definitely caused by this piece of config
- internet.nl (a Dutch website that provides similar functionality) also still reported the DHE ciphers being present and - similar to ssllabs - it reported being unable to get an HTTP response from the server.
- testssl (GitHub - drwetter/testssl.sh: Testing TLS/SSL encryption anywhere on any port) also still showed the DHE ciphers and also showed a HTTP 200.
- wget and curl were both able to connect and get an http response.
htaccess summary: .htaccess config was parsed but didn't have an effect. Worse: it caused problems with two analysis tools.
apache include
Ah, that's the search term I was looking for, I guess: "Apache include for a domain"
I found these instructions and followed them:
https://support.cpanel.net/hc/en-us...directives-to-a-specific-domain-s-virtualhost
I then included the exact same config I previously used in my .htaccess
result:
- Header showed up in my browser
- Webpage worked fine
- ssllabs and internet.nl didn't report any issues anymore and DHE ciphers are gone
- in testssl the ciphers are also gone
summary: Apache includes work flawlessly
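
Added example, not part of the original post: a local check that expands an SSLCipherSuite-style string through OpenSSL (via Python's `ssl` module) and lists any non-elliptic-curve DHE suites it still enables, so the string can be verified before it goes into the Apache include. `POSTED` is the string from the post; `WITH_DHE` and the function names are constructed for illustration.

```python
import ssl

# Cipher string from the post (cPanel default minus the DHE ciphers).
POSTED = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:"
    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
    "!aNULL:!eNULL:!DES:!RC4:!MD5"
)

# Constructed counter-example: the same string with two DHE suites put back.
WITH_DHE = "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:" + POSTED


def expand(cipher_string):
    """Return the TLS <= 1.2 suites OpenSSL enables for this cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are configured separately from this string, so skip them.
    return [c for c in ctx.get_ciphers() if not c["name"].startswith("TLS_")]


def finite_field_dhe(cipher_string):
    """Names of enabled suites that use non-elliptic-curve DHE key exchange."""
    return [
        c["name"]
        for c in expand(cipher_string)
        # "kea" is reported by OpenSSL 1.1+; the name prefix is the fallback.
        if c.get("kea") == "kx-dhe" or c["name"].startswith(("DHE-", "EDH-"))
    ]


if __name__ == "__main__":
    for label, s in (("posted", POSTED), ("constructed with DHE", WITH_DHE)):
        dhe = finite_field_dhe(s)
        print(f"{label}: {len(expand(s))} suites, DHE: {dhe or 'none'}")
```

This only validates the string itself; whether the server actually applies it still has to be confirmed with a scan such as the ones used above.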