Hi. I'm very much a security novice and I don't manage my server myself (we have a fab hosting company who does most of the work), however I want to understand this a bit better. I am wanting to enhance the encryption on the websites on our server. I read a great article on moving a website to fully SSL by Yoast which went through recommended settings in order to get a grade A+ on SSLLabs. 1) I want to enable OCSP stapling as in this article. In the article by Yoast, he says: In order to enable OCSP stapling, you need Apache 2.3.3 and later plus OpenSSL 0.9.8h. Does cPanel work with Apache 2.3 or 2.4? 2) I'd like to offer full support for "SPDY". When using the checker at spdycheck.org it said the NPN Extension was missing in the SSL/TLS Handshake. Does cPanel work with the NPN Extension and full support with SPDY? 3) The cypher suites that are used in WHM (at least in our installation) seem not be the best. Yoast uses the following: Code: ssl_prefer_server_ciphers On; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; Steve Gibson (of GRC and Security Now) seems to be using very similar one. How do I go about enhancing this?