I used an SSL server testing tool and the report said my server does not support Forward Secrecy. How can I update my SSL Cipher Suite to support Forward Secrecy?
As described in the official Apache documentation, it is imperative that your server has perfect Forward Secrecy in order to ensure that even if your server's private key is compromised, no prior communications are exposed.
Generally, enabling Forward Secrecy is a simple matter of using an SSL/TLS Cipher Suite that supports it. The default Apache configuration for a cPanel server utilizes a Cipher Suite that supports Forward Secrecy. It is the same Cipher Suite provided in the official Apache documentation on the page I linked above.
However, older servers and servers that have been customized may no longer support Forward Secrecy. If you need to update your Apache configuration, you can do so via the Home >> Service Configuration >> Apache Configuration >> Global Configuration page in WHM:
The following 3rd party resources provide great examples of SSL/TLS Cipher Suites that support Forward Secrecy: