SSL Labs A+ Rating - Ideal settings
Hi
I am a newbie to ciphers and the like but I would like to score A+ on SSL Labs but the default settings of cPanel do not achieve this. I also want to make the other services really secure but I have not found a cheatsheet with them all on.
Does anyone have an up-to-date/custom/official set of configurations of the following settings so I can secure my server (cPanel v82.0.7) to modern standards:
Apache
- Home » Service Configuration » Apache Configuration » Global Configuration » SSL Cipher Suite
- Home » Service Configuration » Apache Configuration » Global Configuration » SSL/TLS Protocols
- Home » Service Configuration » cPanel Web Disk Configuration » TLS/SSL Cipher Suite
- Home » Service Configuration » cPanel Web Disk Configuration » TLS/SSL Protocols
- Home » Service Configuration » cPanel Web Services Configuration » TLS/SSL Cipher List
- Home » Service Configuration » cPanel Web Services Configuration » TLS/SSL Protocols
- Home » Service Configuration » Exim Configuration Manager » Options for OpenSSL
- Home » Service Configuration » Exim Configuration Manager » SSL/TLS Cipher Suite List
- Home » Service Configuration » FTP Server Configuration » TLS Encryption Support
- Home » Service Configuration » FTP Server Configuration » TLS Cipher Suite
- Home » Service Configuration » Mailserver Configuration » SSL Cipher List
- Home » Service Configuration » Mailserver Configuration » SSL Minimum Protocol
You can follow the settings listed on Cipherli.st - Strong ciphers for Apache, nginx and Lighttpd - it will list the recommended modern settings that should be used to get an A+. However, be aware that it will drop support for certain older clients.
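Before pasting a cipher string into any of the WHM fields above, it helps to see what it actually enables. The following is an added example, not part of the original thread and not cPanel's or SSL Labs' own code: it expands an OpenSSL cipher string with the local library and flags suites by a simplified heuristic. The function names, the heuristic rules and the two sample strings are assumptions made for illustration.

```python
import ssl

# Substrings of OpenSSL suite names that mark primitives graders penalize.
WEAK_MARKERS = {
    "RC4": "RC4 stream cipher",
    "DES-CBC3": "3DES (64-bit block)",
    "NULL": "no encryption",
    "EXP": "export-grade key size",
    "MD5": "MD5 MAC",
}

def audit_suite(name):
    """Return the list of findings for one OpenSSL cipher-suite name."""
    findings = [why for marker, why in WEAK_MARKERS.items() if marker in name]
    if name.startswith("TLS_"):
        return findings  # TLS 1.3 suites: always AEAD with ephemeral key exchange
    if not name.startswith(("ECDHE-", "DHE-")):
        findings.append("no authenticated ephemeral key exchange (ECDHE/DHE)")
    if not any(aead in name for aead in ("GCM", "CCM", "CHACHA20")):
        findings.append("not an AEAD mode")
    return findings

def audit_cipher_string(cipher_string):
    """Expand a cipher string with the local OpenSSL and audit every suite it enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if no suite matches
    return {c["name"]: audit_suite(c["name"]) for c in ctx.get_ciphers()}

# Constructed sample strings (assumptions, not copied from any site or from cPanel).
STRICT = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL"
BROAD = "HIGH:!aNULL"

if __name__ == "__main__":
    for label, value in (("strict", STRICT), ("broad", BROAD)):
        report = audit_cipher_string(value)
        flagged = {n: f for n, f in report.items() if f}
        print(f"{label}: {len(report)} suites enabled, {len(flagged)} flagged")
        for name, findings in sorted(flagged.items()):
            print(f"  {name}: {'; '.join(findings)}")
```

The suites that appear only under the broad string are the ones older clients depend on, which is the compatibility trade-off mentioned above. The result reflects the OpenSSL build Python is linked against, so run it on the server itself.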
Thanks for the info, but I was kind of hoping for a big list to drop in because I am new to this. I am sure it would attract a lot of attention similar to this: zerosandones.co.uk/cpanel-pci-compliance/
I also want to make the other services really secure but I have not found a cheatsheet with them all on.
I don't have a specific list to share with you in terms of getting A+ certified on SSL Labs, but the links on the document below are worth a read if you're interested in learning about security: The team behind cPanel University works tirelessly to put out some really helpful training courses. Best of all, it's free. Thank you.