Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How To Remove Weak Ciphers

Discussion in 'General Discussion' started by Zardiw, Mar 24, 2019.

  1. Zardiw

    Zardiw Well-Known Member

    Joined:
    Sep 22, 2017
    Messages:
    53
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Palm Springs
    cPanel Access Level:
    Root Administrator
    I've got the latest WHM and Apache I believe.

    However, have been advised I have weak ciphers..

    This is a pretty new server, so it's weird that these ciphers are even on there in the first place.

    How do I fix this please.........and can this be done on a per domain basis?

    TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xC011) 128 ECDH 256-bit (P-256) WEAK (RC4 )
    TLS_RSA_WITH_RC4_128_SHA (0x5) 128 WEAK (RC4 )
    TLS_RSA_WITH_RC4_128_MD5 (0x4) 128 WEAK (RC4 )
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xC012) 112 ECDH 256-bit (P-256) WEAK (3DES )
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) 112 DH 2048-bit WEAK (3DES )
    TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xA) 112 WEAK (3DES )

    Which shows that there are some Weak Ciphers on your webserver.

    Another site showed these weaknesses:

    ECDHE-RSA-RC4-SHA
    RC4-SHA
    RC4-MD5
    ECDHE-RSA-DES-CBC3-SHA
    EDH-RSA-DES-CBC3-SHA
    DES-CBC3-SHA

    Thank you for any help with this........

    z
     
  2. dalem

    dalem Well-Known Member PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,885
    Likes Received:
    120
    Trophy Points:
    368
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    Apache > Global configuration > SSL Cipher Suite "default settings should work"
    Exim > Exim Configuration Manager > SSL/TLS Cipher Suite List
    Dovecot > Mailserver Configuration > SSL Cipher List
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Zardiw

    Zardiw Well-Known Member

    Joined:
    Sep 22, 2017
    Messages:
    53
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Palm Springs
    cPanel Access Level:
    Root Administrator
    I think it's already at default...........

    z
     
  4. dothoviet

    dothoviet Registered

    Joined:
    Jan 4, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Việt Nam
    cPanel Access Level:
    Website Owner
    I followed it and made a great thanks
     
  5. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,815
    Likes Received:
    443
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    You can also manually remove ciphers from the default list of ciphers in the locations that @dalem provided though I'd be hesitant about removing ciphers there by default unless necessary.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice