SOLVED SSL Cipher Suite and include editor help

D

digitaliway

Active Member
Feb 17, 2015
33
3
58
cPanel Access Level
Root Administrator
I changed the cipher suite in an attempt to get an A Rating or close with SSL labs but I am getting a B and need some advice.

after changing the SSL Cipher Suite order I think I need to add -- SSLHonorCipherOrder on -- to PRE MAIN INCLUDE located under Home -> Service Configuration -> Apache Configuration -> Include Editor

If I add "SSLHonorCipherOrder on" to Pre main will that cause any issues to site displaying NON SSL?

is it possible to remove text entries to Pre main after I add them and how do I do that?

TLSv1.2 is set to default and half the sites on the server are http not https so I just want to be sure both operate and do not force all to https.

The message I get after the ssl test is below.
This server does not support Forward Secrecy with the reference browsers.
Grade capped to B
 
cPanelLauren

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,301
363
Houston
Hi @digitaliway

The response you received:
This server does not support Forward Secrecy with the reference browsers.
Click to expand...
indicates the issue is capped to a B because you're not supporting forward secrecy with the browsers they're using for reference. They have a pretty good discussion on this here: The server does not support Forward Secrecy wit... | Qualys Community

As far as SSLHonorCipherOrder being added to the pre main VirtualHost include:
digitaliway said:
If I add "SSLHonorCipherOrder on" to Pre main will that cause any issues to site displaying NON SSL?
Click to expand...
No, it shouldn't, this just sets the preference. Per the apache documentation here: mod_ssl - Apache HTTP Server Version 2.4
When choosing a cipher during an SSLv3 or TLSv1 handshake, normally the client's preference is used. If this directive is enabled, the server's preference will be used instead.
Click to expand...
digitaliway said:
is it possible to remove text entries to Pre main after I add them and how do I do that?
Click to expand...
You'd remove them the same way you added them, you might want to read the documentation here before making any modifications: Include Editor - Version 84 Documentation - cPanel Documentation
 
D

digitaliway

Active Member
Feb 17, 2015
33
3
58
cPanel Access Level
Root Administrator
cPanelLauren said:
Hi @digitaliway

The response you received: indicates the issue is capped to a B because you're not supporting forward secrecy with the browsers they're using for reference. They have a pretty good discussion on this here: The server does not support Forward Secrecy wit... | Qualys Community

As far as SSLHonorCipherOrder being added to the pre main VirtualHost include:

No, it shouldn't, this just sets the preference. Per the apache documentation here: mod_ssl - Apache HTTP Server Version 2.4




You'd remove them the same way you added them, you might want to read the documentation here before making any modifications: Include Editor - Version 84 Documentation - cPanel Documentation
Click to expand...
thank you for the information. With this info I was able to make the adjustments and now have an "A" rating.
 
  • Like
Reactions: cPanelLauren
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
M SSL Medium Strength CipherSuites Supported(SWEET32) Security 5
M SSL Cipher Suite question Security 5
vlee Apache Pre VirtualHost Include and SSL Cipher Suite cPanel Config Security 3
I SOLVED Locked out of WHM (SSLCipherSuite/SSLProtocol) Security 5
C sslciphersuite question Security 2
Similar threads
SSL Medium Strength CipherSuites Supported(SWEET32)
SSL Cipher Suite question
Apache Pre VirtualHost Include and SSL Cipher Suite cPanel Config
SOLVED Locked out of WHM (SSLCipherSuite/SSLProtocol)
sslciphersuite question
Top Bottom