SOLVED SSL Cipher Suite and include editor help

digitaliway

Active Member
Feb 17, 2015
25
2
3
cPanel Access Level
Root Administrator
I changed the cipher suite in an attempt to get an A Rating or close with SSL labs but I am getting a B and need some advice.

after changing the SSL Cipher Suite order I think I need to add -- SSLHonorCipherOrder on -- to PRE MAIN INCLUDE located under Home -> Service Configuration -> Apache Configuration -> Include Editor

If I add "SSLHonorCipherOrder on" to Pre main will that cause any issues to site displaying NON SSL?

is it possible to remove text entries to Pre main after I add them and how do I do that?

TLSv1.2 is set to default and half the sites on the server are http not https so I just want to be sure both operate and do not force all to https.

The message I get after the ssl test is below.
This server does not support Forward Secrecy with the reference browsers.
Grade capped to B
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,304
1,250
313
Houston
Hi @digitaliway

The response you received:
This server does not support Forward Secrecy with the reference browsers.
indicates the issue is capped to a B because you're not supporting forward secrecy with the browsers they're using for reference. They have a pretty good discussion on this here: The server does not support Forward Secrecy wit... | Qualys Community

As far as SSLHonorCipherOrder being added to the pre main VirtualHost include:
If I add "SSLHonorCipherOrder on" to Pre main will that cause any issues to site displaying NON SSL?
No, it shouldn't, this just sets the preference. Per the apache documentation here: mod_ssl - Apache HTTP Server Version 2.4
When choosing a cipher during an SSLv3 or TLSv1 handshake, normally the client's preference is used. If this directive is enabled, the server's preference will be used instead.
is it possible to remove text entries to Pre main after I add them and how do I do that?
You'd remove them the same way you added them, you might want to read the documentation here before making any modifications: Include Editor - Version 84 Documentation - cPanel Documentation
 

digitaliway

Active Member
Feb 17, 2015
25
2
3
cPanel Access Level
Root Administrator
Hi @digitaliway

The response you received: indicates the issue is capped to a B because you're not supporting forward secrecy with the browsers they're using for reference. They have a pretty good discussion on this here: The server does not support Forward Secrecy wit... | Qualys Community

As far as SSLHonorCipherOrder being added to the pre main VirtualHost include:

No, it shouldn't, this just sets the preference. Per the apache documentation here: mod_ssl - Apache HTTP Server Version 2.4




You'd remove them the same way you added them, you might want to read the documentation here before making any modifications: Include Editor - Version 84 Documentation - cPanel Documentation
thank you for the information. With this info I was able to make the adjustments and now have an "A" rating.
 
  • Like
Reactions: cPanelLauren