Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED HTTP 2 with SSL

Discussion in 'Security' started by vlee, Jul 20, 2017.

Tags:
  1. vlee

    vlee Well-Known Member

    Joined:
    Oct 13, 2005
    Messages:
    336
    Likes Received:
    18
    Trophy Points:
    168
    Location:
    Spokane, Washington
    cPanel Access Level:
    Root Administrator
    When you run a SSL Server Test on the domain that is running HTTP 2 with an SSL it comes up with Server negotiated HTTP/2 with blacklisted suite

    Also browsers crash when you pull up a website HTTP 2 with SSL and you have refresh the page and website comes up fine.

    So I have been searching for new SSL Cipher Suite that works with HTTP 2 that complies to
    HIPAA and not found one yet.

    My current SSL Cipher Suite is

    Code:
    ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES256-SHA256:AES256-GCM-SHA384:AES256-SHA:AES128-SHA256:AES128-GCM-SHA256:AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-DSS-AES256-GCM-SHA384:DH-DSS-AES128-SHA:DH-DSS-AES256-SHA:DH-DSS-AES128-SHA256:DH-DSS-AES256-SHA256:DH-DSS-AES128-GCM-SHA256:DH-DSS-AES256-GCM-SHA384:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES128-SHA256:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-GCM-SHA384
    Those who have any ideas let me know.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. vlee

    vlee Well-Known Member

    Joined:
    Oct 13, 2005
    Messages:
    336
    Likes Received:
    18
    Trophy Points:
    168
    Location:
    Spokane, Washington
    cPanel Access Level:
    Root Administrator
    I will read up on this and try to modify my current SSL Cipher Suite

    Code:
    ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:AES256-SHA256:AES256-GCM-SHA384:AES256-SHA:AES128-SHA256:AES128-GCM-SHA256:AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-DSS-AES256-GCM-SHA384:DH-DSS-AES128-SHA:DH-DSS-AES256-SHA:DH-DSS-AES128-SHA256:DH-DSS-AES256-SHA256:DH-DSS-AES128-GCM-SHA256:DH-DSS-AES256-GCM-SHA384:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES128-SHA256:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-GCM-SHA384
     
  4. vlee

    vlee Well-Known Member

    Joined:
    Oct 13, 2005
    Messages:
    336
    Likes Received:
    18
    Trophy Points:
    168
    Location:
    Spokane, Washington
    cPanel Access Level:
    Root Administrator
    Ok the new SSL Cipher Suite is

    Code:
    EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA
    This works with HTTP 2 above no weak SSL Cipher's
     
    cPanelMichael likes this.
Loading...

Share This Page