Control Web Panel

WebPanel => Information => Topic started by: itmonitor on April 04, 2020, 10:08:16 PM

Title: Installing cypher suites (keys)
Post by: itmonitor on April 04, 2020, 10:08:16 PM

Hello, I could not find information on how to install cypher keys in CWPanel. Any advice pointing me to the right information is welcome. :-)

Title: Re: Installing cypher suites (keys)
Post by: Sandeep on April 05, 2020, 05:41:28 AM

for what purpose ?

Title: Re: Installing cypher suites (keys)
Post by: itmonitor on April 05, 2020, 11:00:38 AM

Here, so you can learn https://en.wikipedia.org/wiki/Cipher_suite . I moved from a WHM Cpanel into CWPanel and must insert my ssl cyphersuite into CWPanel. Please, can anybody point me to the right direction?

Title: Re: Installing cypher suites (keys)
Post by: ejsolutions on April 05, 2020, 11:15:56 AM

https://bettercrypto.org/

/usr/local/cwpsrv/conf/cwpsrv.conf

Code: [Select]

..
ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers         HIGH:!aNULL:!MD5;
..
Took me about two minutes to find that.  ::)
Note the use of deprecated protocols!

Title: Re: Installing cypher suites (keys)
Post by: Sandeep on April 05, 2020, 11:55:56 AM

you can also use nginx as proxy it will enable default nginx ciphers which i think is enough for you.

Title: Re: Installing cypher suites (keys)
Post by: ejsolutions on April 05, 2020, 11:58:40 AM

After a little more digging, even though OP wasn't concise in asking the question..
Use CWP Admin, Webserver Settings, WebServers conf editor
/usr/local/apache/conf.d/hostname-ssl.conf
Alter as follows:
 

Code: [Select]

..
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
..
Apply the same principal to other vhosts. This will be sufficient for an A rating at SSLLabs and will match up well with the majority of sites, Some older browsers will not be able to access your sites though.

Title: Re: Installing cypher suites (keys)
Post by: itmonitor on April 06, 2020, 05:24:06 PM

ej, thank you very much. You were a bit poetic in my other thread, but I love poems :-) Stay safe and in good health.

Some say the world will end in fire,
Some say in ice.
From what I’ve tasted of desire
I hold with those who favor fire.
- Robert Frost

I will test it and if any issue, I get back here. Thanks!

Title: Re: Installing cypher suites (keys)
Post by: ejsolutions on April 06, 2020, 05:34:14 PM

You're welcome.
Of course, you can individually specify the required protocols.
See your WHM/cPanel for an example:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

[Responses: depends on my mood swings and other recent threads. ;-) ]

Title: Re: Installing cypher suites (keys)
Post by: itmonitor on April 06, 2020, 07:36:40 PM

Hello EJ, thank you. The server is striking A+ now at the SSL Qualys test. :-)