Introduction
Cipher Block Chaining (CBC) ciphers are disabled by editing the Ciphers setting in your SSH server configuration. You may be asked to do this to pass certain compliance scans.
Please note that the cPanel software does not have any tools to manage the SSH configuration directly. Changes made to SSH can alter your ability to connect to the server. If you have any concerns about applying these changes, we recommend you consult with your System Administrator. If you lose access to your server due to a misconfiguration in SSH, you may need to contact your hosting provider to restore it.
Procedure
- Connect to your server through SSH as the root user
- Make a backup of your SSHd configuration to use in case of unexpected results:
cp -v /etc/ssh/sshd_config{,.$( date +%Y%m%d )}
- Using your preferred text editor, open your SSH configuration:
/etc/ssh/sshd_config
- Locate the "Ciphers" line. It may look something like this:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
- Remove the following ciphers from the list if they are present:
arcfour
arcfour128
arcfour256
aes128-cbc
3des-cbc
blowfish-cbc
cast128-cbc
aes192-cbc
aes256-cbc
- Save your changes and restart the SSHd service:
/scripts/restartsrv_sshd
- Your changes should be applied. You can use the following command to verify the currently active ciphers in your SSH configuration:
sshd -T | grep ciphers
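The removal step above can be previewed on a copy of the line before anything is saved. This is an added example, not cPanel's or OpenSSH's own tooling; the `strip_ciphers` function name and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: strip_ciphers is an illustrative helper, not a cPanel tool.
# It only rewrites a string; it never touches /etc/ssh/sshd_config.

# Removal list from the procedure above (arcfour256 as in the sample line).
REMOVE="arcfour arcfour128 arcfour256 aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc"

# strip_ciphers "<line>": print the line without the listed ciphers.
# Returns 1 if the line is not a Ciphers directive, 2 if every cipher would
# be removed (an empty Ciphers line is a configuration error), 3 if the list
# uses the +/-/^ modifier syntax, which adjusts the defaults instead of
# replacing them and so must not be filtered like a plain list.
strip_ciphers() {
    set -f                          # no globbing while the line is split
    set -- $1                       # $1 = keyword, $2 = comma-separated list
    kw=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # keywords are case-insensitive
    if [ "$kw" != "ciphers" ] || [ -z "$2" ]; then set +f; return 1; fi
    case $2 in [+^-]*) set +f; return 3 ;; esac
    kept=""; old_ifs=$IFS; IFS=,
    for c in $2; do
        case " $REMOVE " in
            *" $c "*) ;;                        # on the removal list: drop
            *) kept="${kept:+$kept,}$c" ;;      # keep, preserving order
        esac
    done
    IFS=$old_ifs; set +f
    [ -n "$kept" ] || return 2
    printf 'Ciphers %s\n' "$kept"
}

# Constructed demo: the sample line shown in the procedure.
strip_ciphers "Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc"
```

After editing the real file, `sshd -t` checks the configuration for validity; running it before the restart, with your current SSH session kept open, avoids locking yourself out on a syntax error.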