All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
What are the best ciphers for cPanel services?
Dear all,
after getting a "B" for my cPanel server at
https://www.ssllabs.com/ssltest/
I wanted to tune the cipher settings within WHM for the various services that are reachable via SSL (cPanel/WHM/Webmail Service, Exim, Dovecot, FTP). I searched google a lot, but it was quite impossible to find the most current and secure configuration. Especially if you do not know too much about that topic like I do. Most examples that I found still included RC4 which seems to be no longer recommended.
Can anyone of you help me out with that - I am sure many of you run cPanel servers and have more knowledge in that field... ;-) Thank you very much in advance!
Kind regards
Amitz
Comments
Mozilla:
Best resource: Mozilla Server Side TLS - Recommended configurations
You can also use they're generator: Mozilla SSL Configuration Generator
Raymii:
An honourable mention to @Raymii's resource: Cipherli.st
Thank you, @telephone!
The ciphersuite
brought me back to an "A" rating and furthermore adding
brought back the "A+".
I'm using cloudflare cipher-suite (minus chacha20) for my cPanel server
EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
This page was helpful for the other services (Exim, Dovecot, FTP), for further reference:
http://help.directadmin.com/item.php?id=571