SOLVED Locked out of WHM (SSLCipherSuite/SSLProtocol)

ItsMattSon

Well-Known Member
Sep 5, 2016
182
38
103
Perth
cPanel Access Level
Root Administrator
Hi guys,

I did exactly what cPanel Documentation said to be super cautious of if you're not an advanced user, which was editing the SSLCipherSuite and SSLProtocol in Home >> Service Configuration >> cPanel Web Services Configuration

I thought I had it right, so I saved the configuration I set which was:

SSLCipherSuite:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!DSS:!EXP:!CAMELLIA:!DES:!MD5:!PSK:!RC4

SSLProtocol:
TLSv1.2

In hind sight, I don't really know what that level of security would prevent. I just figured it is secure and as long as my browser is the latest then I should've been fine. Apparently not :p

Could anyone tell me where I'd restore the defaults? (as I have root access via SSH still)

Thanks in advance!
 

ItsMattSon

Well-Known Member
Sep 5, 2016
182
38
103
Perth
cPanel Access Level
Root Administrator
Additional query - Can anyone tell me why it happened?

Firefox says:
An error occurred during a connection to srv.domain.com:2083. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP"

I understand that the browser and server couldn't agree on an encryption algorithm, but would anyone be able to explain the technical side of that? (because I thought latest browsers would support TLSv1.2 and the stronger cipher suites I had, so it'd be good to know what went wrong)
 

ItsMattSon

Well-Known Member
Sep 5, 2016
182
38
103
Perth
cPanel Access Level
Root Administrator
Thanks for the suggestion. Thought it might be a simple config cipher edit back to defaults somewhere but I guess not :p

I've rolled my server back to a snapshot I took one day before, so problem solved. Thanks
 
  • Like
Reactions: cPanelMichael