Disable Weak RC4 Ciphers PCI Compliance Q2 of 2019


Jun 5, 2019
United States
cPanel Access Level
Root Administrator
Hola, I am at my wits end with attempting to obtain compliance for a new PCI vulnerability flagged here in the second calendar quarter of 2019. Specifically this time around, our Payment Processor is demanding we disable "SSL/TLS use of Weak RC4 (Arcfour) Ciphers.

However, I have added :!RC4 to every cipher string tweak entry point within WHM known to me:
  • Apache Configuration Config
  • cPanel Web Disk Config
  • cPanel Web Services Config
  • Exim Config
  • FTP Server Config
  • Mailserver Config

However still the PCI Flag appears for ports 25, 26, 465, and 587 as still making use of RC4.

Am I missing a cipher configuration location? Thank you.

- Allison