Control Web Panel
WebPanel => Information => Topic started by: itmonitor on April 04, 2020, 10:08:16 PM
-
Hello, I could not find information on how to install cypher keys in CWPanel. Any advice pointing me to the right information is welcome. :-)
-
for what purpose ?
-
Here, so you can learn https://en.wikipedia.org/wiki/Cipher_suite . I moved from a WHM Cpanel into CWPanel and must insert my ssl cyphersuite into CWPanel. Please, can anybody point me to the right direction?
-
https://bettercrypto.org/
/usr/local/cwpsrv/conf/cwpsrv.conf
..
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
..
Took me about two minutes to find that. ::)
Note the use of deprecated protocols!
-
you can also use nginx as proxy it will enable default nginx ciphers which i think is enough for you.
-
After a little more digging, even though OP wasn't concise in asking the question..
Use CWP Admin, Webserver Settings, WebServers conf editor
/usr/local/apache/conf.d/hostname-ssl.conf
Alter as follows:
..
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
..
Apply the same principal to other vhosts. This will be sufficient for an A rating at SSLLabs and will match up well with the majority of sites, Some older browsers will not be able to access your sites though.
-
ej, thank you very much. You were a bit poetic in my other thread, but I love poems :-) Stay safe and in good health.
Some say the world will end in fire,
Some say in ice.
From what I’ve tasted of desire
I hold with those who favor fire.
- Robert Frost
I will test it and if any issue, I get back here. Thanks!
-
You're welcome.
Of course, you can individually specify the required protocols.
See your WHM/cPanel for an example:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
[Responses: depends on my mood swings and other recent threads. ;-) ]
-
Hello EJ, thank you. The server is striking A+ now at the SSL Qualys test. :-)