Author Topic: Installing cypher suites (keys)  (Read 5959 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Installing cypher suites (keys)
« on: April 04, 2020, 10:08:16 PM »
Hello, I could not find information on how to install cypher keys in CWPanel. Any advice pointing me to the right information is welcome. :-)

Offline
*****
Re: Installing cypher suites (keys)
« Reply #1 on: April 05, 2020, 05:41:28 AM »
for what purpose ?

Offline
*
Re: Installing cypher suites (keys)
« Reply #2 on: April 05, 2020, 11:00:38 AM »
Here, so you can learn https://en.wikipedia.org/wiki/Cipher_suite . I moved from a WHM Cpanel into CWPanel and must insert my ssl cyphersuite into CWPanel. Please, can anybody point me to the right direction?

Re: Installing cypher suites (keys)
« Reply #3 on: April 05, 2020, 11:15:56 AM »
https://bettercrypto.org/

/usr/local/cwpsrv/conf/cwpsrv.conf
Code: [Select]
..
ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers         HIGH:!aNULL:!MD5;
..
Took me about two minutes to find that.  ::)
Note the use of deprecated protocols!
« Last Edit: April 05, 2020, 11:23:48 AM by ejsolutions »

Offline
*****
Re: Installing cypher suites (keys)
« Reply #4 on: April 05, 2020, 11:55:56 AM »
you can also use nginx as proxy it will enable default nginx ciphers which i think is enough for you.

Re: Installing cypher suites (keys)
« Reply #5 on: April 05, 2020, 11:58:40 AM »
After a little more digging, even though OP wasn't concise in asking the question..
Use CWP Admin, Webserver Settings, WebServers conf editor
/usr/local/apache/conf.d/hostname-ssl.conf
Alter as follows:
 
Code: [Select]
..
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
..
Apply the same principal to other vhosts. This will be sufficient for an A rating at SSLLabs and will match up well with the majority of sites, Some older browsers will not be able to access your sites though.
« Last Edit: April 05, 2020, 12:04:14 PM by ejsolutions »

Offline
*
Re: Installing cypher suites (keys)
« Reply #6 on: April 06, 2020, 05:24:06 PM »
ej, thank you very much. You were a bit poetic in my other thread, but I love poems :-) Stay safe and in good health.

Some say the world will end in fire,
Some say in ice.
From what I’ve tasted of desire
I hold with those who favor fire.
- Robert Frost

I will test it and if any issue, I get back here. Thanks!

Re: Installing cypher suites (keys)
« Reply #7 on: April 06, 2020, 05:34:14 PM »
You're welcome.
Of course, you can individually specify the required protocols.
See your WHM/cPanel for an example:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

[Responses: depends on my mood swings and other recent threads. ;-) ]
« Last Edit: April 06, 2020, 05:38:39 PM by ejsolutions »

Offline
*
Re: Installing cypher suites (keys)
« Reply #8 on: April 06, 2020, 07:36:40 PM »
Hello EJ, thank you. The server is striking A+ now at the SSL Qualys test. :-)