The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to avoid TLS Beast Attack

Discussion in 'Security' started by Mise, Jul 19, 2012.

  1. Mise

    Mise Member

    Joined:
    May 15, 2011
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    I'm following these steps - Dead Link Removed - to clear the Beast Attack alert appearing in SSlabs test https://www.ssllabs.com/ssltest/index.html

    However, apache cannot restart after adding SSLHonorCipherOrder On inside /usr/local/apache/conf/includes/pre_virtualhost_global.conf

    The apache restarting process hungs and shows points ......... until infinite.

    Here some exits :

    Code:
    # /scripts/rebuildhttpdconf
    info [rebuildhttpdconf] 'local' datastore in use (/var/cpanel/conf/apache/local)
    Initial configuration generation failed with the following message:
    
    An error occurred while running: /usr/local/apache/bin/httpd -DSSL -t -f /usr/local/apache/conf/httpd.conf.work.2B1blzDmJS4A47BB
    Exit signal was: 0
    Exit value was: 1
    Output was:
    ---
    Syntax error on line 1 of /usr/local/apache/conf/includes/pre_virtualhost_global.conf:
    Invalid command 'SSLHonorCipherOrder', perhaps mis-spelled or defined by a module not included in the server configuration
    ---
    
    Rebuilding configuration without any local modifications.
    
    Failed to generate a syntactically correct Apache configuration.
    Bad configuration file located at /usr/local/apache/conf/httpd.conf.work.2B1blzDmJS4A47BB
    Error:
    An error occurred while running: /usr/local/apache/bin/httpd -DSSL -t -f /usr/local/apache/conf/httpd.conf.work.2B1blzDmJS4A47BB
    Exit signal was: 0
    Exit value was: 1
    Output was:
    ---
    Syntax error on line 1 of /usr/local/apache/conf/includes/pre_virtualhost_global.conf:
    Invalid command 'SSLHonorCipherOrder', perhaps mis-spelled or defined by a module not included in the server configuration
    ---
    
    Code:
    # /usr/local/apache/bin/httpd -l
    Compiled in modules:
      core.c
      mod_access.c
      mod_auth.c
      mod_cache.c
      mod_mem_cache.c
      mod_include.c
      mod_log_config.c
      mod_logio.c
      mod_env.c
      mod_expires.c
      mod_headers.c
      mod_unique_id.c
      mod_setenvif.c
      mod_proxy.c
      proxy_connect.c
      proxy_ftp.c
      proxy_http.c
      mod_ssl.c
      prefork.c
      http_core.c
      mod_mime.c
      mod_status.c
      mod_autoindex.c
      mod_asis.c
      mod_info.c
      mod_suexec.c
      mod_cgi.c
      mod_negotiation.c
      mod_dir.c
      mod_imap.c
      mod_actions.c
      mod_userdir.c
      mod_alias.c
      mod_rewrite.c
      mod_so.c
    
    I have recompiled with EasyApache without success.

    Any idea?. :confused:

    I don't understand why SSLHonorCipherOrder is not recognized.

    What's the right way to reinstall mod_ssl?

    -----
    Apache 2.0.64
    PHP 5.2.9
    WHM 11.32.3 (build 21)
    CENTOS 5.8 x86_64 standard on host
     
    #1 Mise, Jul 19, 2012
    Last edited by a moderator: Jun 26, 2015
  2. Mise

    Mise Member

    Joined:
    May 15, 2011
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    I answer to myself,

    after endless turns the problem was quite simple. The SSLHonorCipherOrder is not valid in Apache 2.0.x . I have upgraded to 2.2 and problem solved.
     
  3. Webinx

    Webinx Member

    Joined:
    Sep 20, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    @Mise - I have the same prob, updating doesn't seem to be working.
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello,

    Are you running Apache 2.2 or you are indicating you cannot get Apache 2.2 update to work?

    Please provide the following:

    Code:
    /usr/local/apache/bin/apachectl -v
    ls -lah /var/cpanel/easy_skip_cpanelsync
    If you are showing Apache 2.0 and you aren't able to update, if you do see /var/cpanel/easy_skip_cpanelsync existing, please remove that /var/cpanel/easy_skip_cpanelsync file. It prevents EasyApache from grabbing the latest cPanel updates and might prevent updating to a working version of Apache via EasyApache.

    Thanks!
     
  5. sahostking

    sahostking Well-Known Member

    Joined:
    May 15, 2012
    Messages:
    300
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Cape Town, South Africa
    cPanel Access Level:
    Root Administrator
    I'll test this out later aswell and respond if I have the same issue or not.
     
Loading...

Share This Page