TLSv1_1 : RC4-SHA

TLSv1_1 : RC4-MD5

TLSv1_2 : RC4-SHA

TLSv1_2 : RC4-MD5

TLSv1_1 : DES-CBC3-SHA

TLSv1_2 : DES-CBC3-SHA

Here are my current settings in WHM > Service Configuration > cPanel Web Services Configuration:

TLS/SSL Cipher List:

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DES:!3DES:!RC4:!MD5:!RC4-SHA:!RC4-MD5:!DES-CBC3-SHA:!DSS

TLS/SSL Protocols:

SSLv23:!SSLv2:!SSLv3:!TLSv1

You can see at the end of this cipher list where I have excluded the offending ciphers.

I have tried many, many combinations of ciphers, not only in this Web Services Config, but also in Apache Global Config settings. Regardless of what I try I can't get rid of these pci failing ciphers.

Here is my openssl version:

root [/]# rpm -qa | grep openssl

openssl-devel-1.0.1e-60.el7.x86_64

openssl-libs-1.0.1e-60.el7.x86_64

openssl-1.0.1e-60.el7.x86_64

root [/]# _

Could there be a cipher config file somewhere that is overriding my settings?

Could this be a false positive?

Not sure what to try next. Any suggestions?

Thx,

SJR