SOLVED Locked out of WHM (SSLCipherSuite/SSLProtocol)

ItsMattSon

Well-Known Member
Sep 5, 2016
182
38
153
Perth
cPanel Access Level
Root Administrator
Hi guys,

I did exactly what cPanel Documentation said to be super cautious of if you're not an advanced user, which was editing the SSLCipherSuite and SSLProtocol in Home >> Service Configuration >> cPanel Web Services Configuration.

I thought I had it right, so I saved the configuration I set which was:

SSLCipherSuite:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!DSS:!EXP:!CAMELLIA:!DES:!MD5:!PSK:!RC4

SSLProtocol:
TLSv1.2

In hindsight, I don't really know what that level of security would prevent. I just figured it is secure and as long as my browser is the latest then I should've been fine. Apparently not :p

Could anyone tell me where I'd restore the defaults? (as I have root access via SSH still)

Thanks in advance!
 

ItsMattSon

Additional query - Can anyone tell me why it happened?

Firefox says:
An error occurred during a connection to srv.domain.com:2083. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

I understand that the browser and server couldn't agree on an encryption algorithm, but would anyone be able to explain the technical side of that? (because I thought latest browsers would support TLSv1.2 and the stronger cipher suites I had, so it'd be good to know what went wrong)
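
A cipher list can be checked for overlap before it is saved. The following is an added example, not part of the original posts and not cPanel tooling: it expands the cipher string quoted above with the local OpenSSL (through Python's `ssl` module) and lists the suites that are also offered by a client and match the certificate's key type. The function names are made up for this example, and the result says nothing about how cpsrvd parsed the values entered in WHM.

```python
import ssl

# Cipher list exactly as quoted in the first post of this thread.
POSTED = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
    "!aNULL:!eNULL:!DSS:!EXP:!CAMELLIA:!DES:!MD5:!PSK:!RC4"
)


def suites(cipher_string=None):
    """Expand an OpenSSL cipher string into {suite name: auth type}.

    With no argument, return what Python's default client context offers.
    TLS 1.3 suites are configured separately from the cipher string and
    are dropped, since the posted SSLProtocol allows TLS 1.2 only.
    """
    if cipher_string is None:
        ctx = ssl.create_default_context()
    else:
        # The context is only used to expand the string; no socket is opened.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.set_ciphers(cipher_string)  # ssl.SSLError if nothing matches
    return {c["name"]: c.get("auth") for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"}


def usable_suites(server_string, cert_key, client_string=None):
    """Suites a handshake could select: enabled on the server, offered by
    the client, and authenticated by the server certificate's key type
    ("RSA" or "ECDSA"). An empty list means no cipher overlap."""
    server = suites(server_string)
    client = suites(client_string)
    want = "auth-" + cert_key.lower()  # OpenSSL reports auth-rsa / auth-ecdsa
    return [name for name, auth in server.items()
            if name in client and auth == want]


if __name__ == "__main__":
    for key in ("RSA", "ECDSA"):
        print(key, usable_suites(POSTED, key))
    # Constructed client that offers only non-ECDHE suites: no overlap.
    print(usable_suites(POSTED, "RSA", "AES256-GCM-SHA384:AES128-GCM-SHA256"))
```
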
 

ItsMattSon

Thanks for the suggestion. Thought it might be a simple config cipher edit back to defaults somewhere but I guess not :p

I've rolled my server back to a snapshot I took one day before, so problem solved. Thanks
 

NexLev

Registered
Nov 3, 2021
1
1
3
USA
cPanel Access Level
Root Administrator
I believe this is what the Original Poster was asking for.

On the "Home >> Service Configuration >> cPanel Web Services Configuration" page I edited the "TLS/SSL Protocols" text field. When I did this, I was no longer able to log in to WHM or cPanel. When I would try to, I would get this error in Edge/Chrome: ERR_SSL_PROTOCOL_ERROR

This is what I did to resolve this problem ...

STEP 1:
I logged in via SSH

STEP 2:
I opened the "ssl_socket_args" file using the nano file editor:
nano /var/cpanel/conf/cpsrvd/ssl_socket_args

STEP 3:
I then edited (fixed) this line and saved my changes:
SSL_version=!SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1

STEP 4:
I then recompiled Apache, restarted the apache service, and restarted the cpanel service ... all with this one-line command:
/scripts/buildhttpdconf; service httpd restart; service cpanel restart


After following these steps, I was able to log in to WHM and cPanel again.

Hope this helps.
 
