    What are the best ciphers for cPanel services?

    Amitz Member
    edited September 2015 in Help

    Dear all,

    after getting a "B" for my cPanel server at
    https://www.ssllabs.com/ssltest/
    I wanted to tune the cipher settings within WHM for the various services that are reachable via SSL (cPanel/WHM/Webmail Service, Exim, Dovecot, FTP). I searched Google a lot, but it was quite impossible to find the most current and secure configuration. Especially if you do not know too much about that topic like I do. Most examples that I found still included RC4 which seems to be no longer recommended.

    Can anyone of you help me out with that - I am sure many of you run cPanel servers and have more knowledge in that field... ;-) Thank you very much in advance!

    Kind regards
    Amitz

    "Actually, throughout my life, my two greatest assets have been mental stability and being, like, really smart.", Stephen Hawking, 2017. Join the Amitz party here.

    Comments

    • Mozilla:

      Best resource: Mozilla Server Side TLS - Recommended configurations

      You can also use their generator: Mozilla SSL Configuration Generator

      Raymii:

      An honourable mention to @Raymii's resource: Cipherli.st

      Thanked by 1Amitz
    • Amitz Member
      edited September 2015

      Thank you, @telephone!

      The ciphersuite

      ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
      

      brought me back to an "A" rating and furthermore adding

      Header add Strict-Transport-Security max-age=31536000
      

      brought back the "A+".

    • I'm using the Cloudflare cipher suite (minus chacha20) for my cPanel server

      EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5

      Thanked by 1Amitz

      I make money with Viglink
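
An added example (not code from any poster in this thread): a static Python lint of the two cipher strings posted above, plus one constructed legacy string that still contains RC4. It inspects the tokens as written and does not expand keywords through OpenSSL; the function name, the `WEAK` and `PFS` sets and the variable names are assumptions of this example.

```python
import re

# Legacy primitives: RC4 (called out in the question) plus the ones the first
# posted string removes with "!". Assumed baseline for this example.
WEAK = {"RC4", "3DES", "DES", "MD5", "EXPORT", "aNULL", "eNULL", "NULL"}
# Key-exchange keywords and suite-name prefixes that give forward secrecy.
PFS = {"ECDHE", "EECDH", "DHE", "EDH", "kEECDH", "kEDH", "kECDHE", "kDHE"}

def lint_cipher_string(spec):
    """Static lint of an OpenSSL cipher string (tokens are not expanded)."""
    tokens = [t for t in re.split(r"[:, ]+", spec.strip()) if t]
    # "!X" deletes X permanently, wherever it appears in the string.
    banned = {t[1:] for t in tokens if t.startswith("!")}
    weak_enabled, no_pfs = [], []
    for tok in tokens:
        # "-X" removal and "+X" reordering depend on position, "@..." is a
        # directive: none of them enables a suite, so they are skipped here.
        if tok[0] in "!-+@":
            continue
        parts = re.split(r"[+-]", tok)
        if "CBC3" in parts:  # DES-CBC3-SHA is 3DES, which "!DES" does not remove
            parts = ["3DES" if p == "DES" else p for p in parts]
        if any(p in WEAK and p not in banned for p in parts):
            weak_enabled.append(tok)
        if parts[0] not in PFS:  # token is not limited to (EC)DHE key exchange
            no_pfs.append(tok)
    return {"weak_enabled": weak_enabled, "no_forward_secrecy": no_pfs,
            "banned": sorted(banned)}

# The two strings exactly as posted in the thread.
FIRST_POSTED = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
SECOND_POSTED = "EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5"
# Constructed sample of an older-style string that still lists RC4.
LEGACY_CONSTRUCTED = "ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA:HIGH:!aNULL:!MD5"

if __name__ == "__main__":
    for name, spec in (("first posted", FIRST_POSTED),
                       ("second posted", SECOND_POSTED),
                       ("legacy (constructed)", LEGACY_CONSTRUCTED)):
        print(name, lint_cipher_string(spec))
```

To see what a string enables on a particular server, expand it with that server's own OpenSSL using `openssl ciphers -v '<string>'`, since keyword expansion depends on the library version.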

    • Amitz Member
      edited September 2015

      This page was helpful for the other services (Exim, Dovecot, FTP), for further reference:
      http://help.directadmin.com/item.php?id=571
