Mitigating the BEAST attack

Discussion in 'Security' started by HTF1, Apr 14, 2014.

  1. HTF1

    HTF1 Registered

    Hi,

    I've changed the SSL Cipher Suite to PCI recommended via Apache global configuration and then I included settings listed below into '/usr/local/apache/conf/includes/pre_main_global.conf':

    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLHonorCipherOrder On
    SSLInsecureRenegotiation Off

    Apache was restarted afterwards:

    /usr/local/cpanel/bin/build_apache_conf
    /etc/init.d/httpd restart

    - however the server is still failing the GlobalSign test:

    https://sslcheck.globalsign.com/en_US/

    "Sessions may be vulnerable to BEAST attack
    Attackers may be able to decrypt the encrypted SSL traffic"

    Server details:
    RHEL 5.10
    cPanel 11.40.1 (build 9)
    openssl-0.9.8e-27
    Apache/2.2.27

    Is there anything else that I can do in order to eliminate this vulnerability?

    Regards
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Could you elaborate if it's Apache that's failing the scan, or another service? Note the following post might be of help:

    Beast TLS Vulnerability

    Thank you.
     
  3. HTF1

    HTF1 Registered

    Hi,

    Thanks for your help. It looks like the cipher suite from the link you posted solved my problem.

    Regards
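
BEAST only applies when a CBC-mode cipher is negotiated under SSLv3 or TLS 1.0, which is why the SSLProtocol line in the first post did not change the scan result and the cipher suite did. The following is an added example, not code from the thread or from cPanel: it classifies the Protocol and Cipher fields that `openssl s_client` prints for one handshake. The sample outputs and the host name in the comment are constructed placeholders.

```shell
#!/bin/sh
# Added example: decide whether one handshake summary is BEAST-exposed.

# Constructed samples of the SSL-Session fields printed by `openssl s_client`.
SAMPLE_CBC='    Protocol  : TLSv1
    Cipher    : AES256-SHA'
SAMPLE_RC4='    Protocol  : TLSv1
    Cipher    : RC4-SHA'
SAMPLE_TLS12='    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-SHA'

# field NAME TEXT -> value of the first "NAME : value" line in TEXT
field() {
    printf '%s\n' "$2" | awk -F: -v k="$1" '
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { v = $2; gsub(/[ \t\r]/, "", v); print v; exit }'
}

# beast_verdict TEXT -> prints "exposed", "not-exposed" or "unknown"
beast_verdict() {
    bv_proto=$(field Protocol "$1")
    bv_cipher=$(field Cipher "$1")
    [ -n "$bv_proto" ] && [ -n "$bv_cipher" ] || { echo unknown; return; }
    # s_client reports cipher 0000 when no handshake completed.
    [ "$bv_cipher" != "0000" ] || { echo unknown; return; }
    case "$bv_proto" in
        SSLv3|TLSv1) ;;                  # CBC IV is the previous record's last block
        *) echo not-exposed; return ;;   # TLS 1.1+ uses an explicit per-record IV
    esac
    case "$bv_cipher" in
        # RC4 is a stream cipher, so BEAST does not apply; it has its own
        # weaknesses and is prohibited by RFC 7465.
        *RC4*|*NULL*) echo not-exposed ;;
        # Every other SSLv3/TLS 1.0 suite is a block cipher in CBC mode.
        *) echo exposed ;;
    esac
}

# Live use (server.example is a placeholder host):
#   beast_verdict "$(openssl s_client -connect server.example:443 -tls1 </dev/null 2>/dev/null)"
beast_verdict "$SAMPLE_CBC"
```

Because SSLHonorCipherOrder is On in the configuration above, the cipher reported for a given protocol is the server's first preference that the client also offers, so the verdict reflects the order of the configured cipher suite.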
     
