Question
I used an SSL server testing tool and the report said my server does not support Forward Secrecy. How can I update my SSL Cipher Suite to support Forward Secrecy?
Answer
As described in the official Apache documentation, it is imperative that your server has perfect Forward Secrecy in order to ensure that even if your server's private key is compromised, no prior communications are exposed.
https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html
Generally, enabling Forward Secrecy is a simple matter of using an SSL/TLS Cipher Suite that supports it. The default Apache configuration for a cPanel server utilizes a Cipher Suite that supports Forward Secrecy. It is the same Cipher Suite provided in the official Apache documentation on the page I linked above.
However, older servers and servers that have been customized may no longer support Forward Secrecy. If you need to update your Apache configuration, you can do so via the Home >> Service Configuration >> Apache Configuration >> Global Configuration page in WHM:
https://docs.cpanel.net/whm/service-configuration/global-configuration/
The following 3rd party resources provide great examples of SSL/TLS Cipher Suites that support Forward Secrecy: