cPanel disable Cipher Suites

ca2236

Well-Known Member
Hello,

I found various posts and pages around the net on disabling cipher suites; however, I had a question on how to do it in cPanel.

I think I do it here:
  • Home » Service Configuration » Apache Configuration » Global Configuration
and then the SSL Cipher Suite

but I don't know how to call the protocol names.

I want to disable TLS_RSA_WITH_AES_128_GCM_SHA256 (for example)

I think I do it with an exclamation point, but I'm not sure of the name. There are other weak TLS_RSA_AES with various names and 'features'. Is there a way to blanket disable all of them? If not, how do I figure out each of the names?

Edit: I found this site:
mod_ssl - Apache HTTP Server Version 2.5

Which I think helps, but, I still am working through figuring out the correct cipher-tag for each (I think that is the right name)

Thanks
 

cPanelLauren

Product Owner
Staff member
Hi @ca2236

You should be able to disable with a ! as indicated on the mod_ssl documentation where they show the null ciphers disabled:
aNULL, eNULL and EXP ciphers are always disabled
Beginning with version 2.4.7, null and export-grade ciphers are always disabled, as mod_ssl unconditionally adds !aNULL:!eNULL:!EXP to any cipher string at initialization.
Ultimately you might want to check out secure cipher examples and use something of that nature rather than go through them piece by piece. The documentation here might be helpful:
SSL/TLS Strong Encryption: How-To - Apache HTTP Server Version 2.4
Generate Mozilla Security Recommended Web Server Configuration Files
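
An added example, not part of either post and not cPanel's own code: Python's ssl module hands a cipher string to the same OpenSSL cipher-list parser that mod_ssl uses for SSLCipherSuite, so it can show what a candidate string expands to before it goes into the Global Configuration. OpenSSL uses its own names (TLS_RSA_WITH_AES_128_GCM_SHA256 is AES128-GCM-SHA256), and the keyword kRSA selects every suite with RSA key exchange; the HIGH base string and the function names are assumptions made for the illustration.

```python
import ssl

# mod_ssl appends this to every SSLCipherSuite value (per the mod_ssl text quoted above).
MOD_SSL_SUFFIX = ":!aNULL:!eNULL:!EXP"


def enabled(cipher_string):
    """Expand an OpenSSL cipher string into the TLS 1.2-and-older suites it enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Raises ssl.SSLError if the string selects no cipher at all.
    ctx.set_ciphers(cipher_string + MOD_SSL_SUFFIX)
    # TLS 1.3 suites are configured separately and ignore this string, so skip them.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def names(cipher_string):
    """OpenSSL names of the suites left enabled by cipher_string."""
    return [c["name"] for c in enabled(cipher_string)]


def static_rsa(cipher_string):
    """Suites that still use RSA key exchange (the TLS_RSA_WITH_* family)."""
    return [c["name"] for c in enabled(cipher_string) if c.get("kea") == "kx-rsa"]


if __name__ == "__main__":
    candidates = (
        "HIGH",                      # assumed starting point, nothing excluded
        "HIGH:!AES128-GCM-SHA256",   # one suite excluded by its OpenSSL name
        "HIGH:!kRSA",                # blanket exclusion of RSA key exchange
    )
    for s in candidates:
        print(f"{s:26} total={len(names(s)):3} static-RSA={static_rsa(s)}")
```

The expansion depends on the OpenSSL library Python is linked against, which may differ from the one Apache uses on the same server, so confirm the final string against the running service as well.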