SOLVED Locked out of WHM (SSLCipherSuite/SSLProtocol)

Discussion in 'Security' started by ItsMattSon, Oct 25, 2016.

  1. ItsMattSon

    ItsMattSon Well-Known Member

    Joined:
    Sep 5, 2016
    Messages:
    140
    Likes Received:
    29
    Trophy Points:
    28
    Location:
    Perth
    cPanel Access Level:
    Root Administrator
    Hi guys,

    I did exactly what cPanel Documentation said to be super cautious of if you're not an advanced user, which was editing the SSLCipherSuite and SSLProtocol in Home >> Service Configuration >> cPanel Web Services Configuration

    I thought I had it right, so I saved the configuration I set which was:

    SSLCipherSuite:
    ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!DSS:!EXP:!CAMELLIA:!DES:!MD5:!PSK:!RC4

    SSLProtocol:
    TLSv1.2

    In hindsight, I don't really know what that level of security would prevent. I just figured it is secure and as long as my browser is the latest then I should've been fine. Apparently not :p

    Could anyone tell me where I'd restore the defaults? (as I have root access via SSH still)

    Thanks in advance!
     
  2. ItsMattSon

    ItsMattSon Well-Known Member

    Additional query - Can anyone tell me why it happened?

    Firefox says:
    "An error occurred during a connection to srv.domain.com:2083. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP"

    I understand that the browser and server couldn't agree on an encryption algorithm, but would anyone be able to explain the technical side of that? (because I thought latest browsers would support TLSv1.2 and the stronger cipher suites I had, so it'd be good to know what went wrong)
     
  3. Eric

    Eric Administrator
    Staff Member

    Joined:
    Nov 25, 2007
    Messages:
    752
    Likes Received:
    11
    Trophy Points:
    143
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    Howdy,

    Could I get you to file a ticket with our support team? This is likely going to involve some specifics that relate to your server or the certificate.

    Thanks!
     
  4. ItsMattSon

    ItsMattSon Well-Known Member

    Thanks for the suggestion. Thought it might be a simple config cipher edit back to defaults somewhere but I guess not :p

    I've rolled my server back to a snapshot I took one day before, so problem solved. Thanks
     
    cPanelMichael likes this.
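
For the SSL_ERROR_NO_CYPHER_OVERLAP question raised in the thread, a handshake only succeeds if at least one suite survives three filters: what the string names, what the server's TLS library enables, and what the certificate's key type allows. The script below is an added example (not part of the thread and not cPanel's code) that applies those filters to the posted string. The certificate key type and the client offer list are constructed assumptions, and the OpenSSL that Python links against may differ from the library the cPanel service uses.

```python
import ssl

# Cipher string exactly as posted in the thread.
CIPHER_STRING = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
    "!aNULL:!eNULL:!DSS:!EXP:!CAMELLIA:!DES:!MD5:!PSK:!RC4"
)

def configured_suites(cipher_string):
    """Suites named explicitly in the string, in order ('!' rules dropped)."""
    return [t for t in cipher_string.split(":") if t and not t.startswith("!")]

def library_suites(cipher_string):
    """Named suites that the local OpenSSL build actually enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:  # the library supports nothing in the string
        return []
    wanted = set(configured_suites(cipher_string))
    # get_ciphers() may also list TLS 1.3 suites; keep only the named ones.
    return [c["name"] for c in ctx.get_ciphers() if c["name"] in wanted]

def usable_with_key(suites, cert_key):
    """ECDHE-ECDSA-* needs an ECDSA certificate, ECDHE-RSA-* an RSA one."""
    tag = "-%s-" % cert_key.upper()
    return [s for s in suites if tag in s]

def first_common(server_suites, client_offer):
    """First shared suite, or None (the 'no cipher overlap' outcome)."""
    return next((s for s in server_suites if s in client_offer), None)

def report(cipher_string, cert_key, client_offer):
    named = configured_suites(cipher_string)
    enabled = library_suites(cipher_string)
    usable = usable_with_key(enabled, cert_key)
    return {"named": named,
            "dropped_by_library": [s for s in named if s not in enabled],
            "usable": usable,
            "selected": first_common(usable, client_offer)}

if __name__ == "__main__":
    # Constructed client offer for illustration, not a browser capture.
    offer = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA"]
    for key, value in report(CIPHER_STRING, "RSA", offer).items():
        print(key, value)
```

Run it over SSH on the affected server; a non-empty `dropped_by_library` or an empty `usable` list narrows down which filter removed the suites.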