The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to disable anonymous (insecure) suites ? Ref: SSLLABS

Discussion in 'Security' started by fajryassin, Oct 5, 2014.

  1. fajryassin

    fajryassin Registered

    Joined:
    Oct 5, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Beirut, Lebanon, Lebanon
    cPanel Access Level:
    Root Administrator
    I have Installed a SSL Certificate for Cpanel/WHM it's installed correctly when checking at ssllabs.com/ssltest I get the following error :

    This server supports anonymous (insecure) suites (see below for details). Grade set to F.

    Cipher Suites (sorted by strength; the server has no preference)
    PHP:
    TLS_ECDH_anon_WITH_RC4_128_SHA (0xc016)   INSECURE    128
    TLS_ECDH_anon_WITH_AES_128_CBC_SHA 
    (0xc018)   INSECURE    128
    TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA 
    (0xc017)   INSECURE    112
    TLS_ECDH_anon_WITH_AES_256_CBC_SHA 
    (0xc019)   INSECURE     256
    TLS_ECDH_anon_WITH_RC4_128_SHA 
    (0xc016)   INSECURE    128
    TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA 
    (0xc017)   INSECURE    112
    TLS_ECDH_anon_WITH_AES_128_CBC_SHA 
    (0xc018)   INSECURE          128
    TLS_ECDH_anon_WITH_AES_256_CBC_SHA 
    (0xc019)   INSECURE     256
    this is it:
    /https://www.ssllabs.com/ssltest/analyze.html?d=lebwindow.net
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,807
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can browse to the following option in Web Host Manager:

    "WHM Home » Service Configuration » Apache Configuration » Global Configuration"

    Use the following cipher under "SSL Cipher Suite" to disable anonymous ciphers:

    Code:
    ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL
    Thank you.
     
Loading...

Share This Page