Server Cipher Order enforcement

sparek-3 · Mar 23, 2021

Should SSLHonorCipherOrder (Apache) and ssl_prefer_server_ciphers (Dovecot) be configurable options in cPanel? This would allow the server to dictate the preferred cipher order for both services.

This can be accomplished in Exim by adding +cipher_server_preference to the openssl_options directive, but for Apache and Dovecot these are two different options. And these options don't appear to be configurable in the Apache cPanel JSON file or the Dovecot cPanel YAML file.

I guess you can do Apache through one of the include files. I don't know of any other way to enable this in Dovecot other than a direct edit of /etc/dovecot/ssl.conf which would get overwritten on each Dovecot configuration rebuild.

cPRex · Mar 24, 2021

Hey there! For the Dovecot option, we have documentation on how to add customizations like that setting at the bottom of this page:

Mailserver Configuration | cPanel & WHM Documentation

This interface allows you to configure the POP3 and IMAP protocols that the Dovecot mail servers use.

docs.cpanel.net

For Apache, you would need to use an include file. If you'd like to see that added to the main configuration in the interface it might be good to submit a feature request.

sparek-3 · Mar 25, 2021

Indeed, this will work.

Thanks!

cPRex · Mar 26, 2021

Sure thing!

Thread starter	Similar threads	Forum	Replies	Date
C	ConfigServer Security & Firewall remove autostart	Security	3	Saturday at 4:17 PM
L	Server getting slammed with PHP and Emails	Security	4	Jul 10, 2023
B	Server's own IP in cpHulk reporting system cpaneld auth failure?	Security	13	May 13, 2023
D	Security tools for Linux servers	Security	3	Mar 22, 2023
S	Cipher Suite for Windows Server 2003 SP2	Security	2	Aug 17, 2016

Search

Search

Server Cipher Order enforcement

sparek-3

Well-Known Member

cPRex

Jurassic Moderator