Server Cipher Order enforcement

sparek-3

Well-Known Member
Aug 10, 2002
2,007
222
368
cPanel Access Level
Root Administrator
Should SSLHonorCipherOrder (Apache) and ssl_prefer_server_ciphers (Dovecot) be configurable options in cPanel? This would allow the server to dictate the preferred cipher order for both services.

This can be accomplished in Exim by adding +cipher_server_preference to the openssl_options directive, but for Apache and Dovecot these are two different options. And these options don't appear to be configurable in the Apache cPanel JSON file or the Dovecot cPanel YAML file.

I guess you can do Apache through one of the include files. I don't know of any other way to enable this in Dovecot other than a direct edit of /etc/dovecot/ssl.conf which would get overwritten on each Dovecot configuration rebuild.
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,781
590
273
cPanel Access Level
Root Administrator
Hey there! For the Dovecot option, we have documentation on how to add customizations like that setting at the bottom of this page:


For Apache, you would need to use an include file. If you'd like to see that added to the main configuration in the interface it might be good to submit a feature request.