How To Remove Weak Ciphers

Zardiw

• March 24, 2019 09:14

I've got the latest WHM and Apache I believe. However, have been advised I have weak ciphers.. This is a pretty new server, so it's weird that these ciphers are even on there in the first place. How do I fix this please.........and can this be done on a per domain basis? TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xC011) 128 ECDH 256-bit (P-256) WEAK (RC4 ) TLS_RSA_WITH_RC4_128_SHA (0x5) 128 WEAK (RC4 ) TLS_RSA_WITH_RC4_128_MD5 (0x4) 128 WEAK (RC4 ) TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xC012) 112 ECDH 256-bit (P-256) WEAK (3DES ) TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) 112 DH 2048-bit WEAK (3DES ) TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xA) 112 WEAK (3DES ) Which shows that there are some Weak Ciphers on your webserver. Another site showed these weaknesses: ECDHE-RSA-RC4-SHA RC4-SHA RC4-MD5 ECDHE-RSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA Thank you for any help with this........ z

• 

  dalem

  • March 24, 2019 16:15

  Apache > Global configuration > SSL Cipher Suite "default settings should work" Exim > Exim Configuration Manager > SSL/TLS Cipher Suite List Dovecot > Mailserver Configuration > SSL Cipher List

  0
• 

  dothoviet

  • March 26, 2019 06:12

  I followed it and made a great thanks

  0
• 

  cPanelLauren

  • March 27, 2019 16:49

  You can also manually remove ciphers from the default list of ciphers in the locations that @dalem provided though I'd be hesitant about removing ciphers there by default unless necessary.

  0

Please sign in to leave a comment.