Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home Help
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

What are the best ciphers for cPanel services?

AmitzAmitz Member
edited September 2015 in Help

Dear all,

after getting a "B" for my cPanel server at
https://www.ssllabs.com/ssltest/
I wanted to tune the cipher settings within WHM for the various services that are reachable via SSL (cPanel/WHM/Webmail Service, Exim, Dovecot, FTP). I searched google a lot, but it was quite impossible to find the most current and secure configuration. Especially if you do not know too much about that topic like I do. Most examples that I found still included RC4 which seems to be no longer recommended.

Can anyone of you help me out with that - I am sure many of you run cPanel servers and have more knowledge in that field... ;-) Thank you very much in advance!

Kind regards
Amitz

Comments

  • telephonetelephone Member

    Mozilla:

    Best resource: Mozilla Server Side TLS - Recommended configurations

    You can also use they're generator: Mozilla SSL Configuration Generator

    Raymii:

    An honourable mention to @Raymii's resource: Cipherli.st

    Thanked by 1Amitz
  • AmitzAmitz Member
    edited September 2015

    Thank you, @telephone!

    The ciphersuite

    ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK

    brought me back to an "A" rating and furthermore adding

    Header add Strict-Transport-Security max-age=31536000

    brought back the "A+".

  • jemekitejemekite Member

    I'm using cloudflare cipher-suite (minus chacha20) for my cPanel server

    EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5

    Thanked by 1Amitz
  • AmitzAmitz Member
    edited September 2015

    This page was helpful for the other services (Exim, Dovecot, FTP), for further reference:
    http://help.directadmin.com/item.php?id=571

Sign In or Register to comment.