SSL Cipher Suite and include editor help
I changed the cipher suite in an attempt to get an A rating or close with SSL Labs, but I am getting a B and need some advice.
After changing the SSL Cipher Suite order I think I need to add -- SSLHonorCipherOrder on -- to PRE MAIN INCLUDE located under Home -> Service Configuration -> Apache Configuration -> Include Editor
If I add "SSLHonorCipherOrder on" to Pre main will that cause any issues to site displaying NON SSL?
Is it possible to remove text entries to Pre main after I add them and how do I do that?
TLSv1.2 is set to default and half the sites on the server are http not https, so I just want to be sure both operate and do not force all to https.
The message I get after the ssl test is below.
This server does not support Forward Secrecy with the reference browsers.
Grade capped to B
-
Hi @digitaliway
The response you received:
[QUOTE]This server does not support Forward Secrecy with the reference browsers.[/QUOTE]
indicates the issue is capped to a B because you're not supporting forward secrecy with the browsers they're using for reference. They have a pretty good discussion on this here: The server does not support Forward Secrecy wit... | Qualys Community
As far as SSLHonorCipherOrder being added to the pre main VirtualHost include:
[QUOTE]If I add "SSLHonorCipherOrder on" to Pre main will that cause any issues to site displaying NON SSL?[/QUOTE]
No, it shouldn't; this just sets the preference. Per the Apache documentation here: mod_ssl - Apache HTTP Server Version 2.4
[QUOTE]When choosing a cipher during an SSLv3 or TLSv1 handshake, normally the client's preference is used. If this directive is enabled, the server's preference will be used instead.[/QUOTE]
[QUOTE]is it possible to remove text entries to Pre main after I add them and how do I do that?[/QUOTE]
You'd remove them the same way you added them. You might want to read the documentation here before making any modifications: Include Editor - Version 84 Documentation - cPanel Documentation
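An added example, not part of the original thread and not cPanel or Apache code: a small Python model of the preference rule in the mod_ssl text quoted above, showing that SSLHonorCipherOrder on only yields a forward-secret handshake when ECDHE/DHE suites come first in the server's list. The cipher strings, the client list and the function names are constructed for illustration, and the real selection is done by OpenSSL.

```python
# Added example (not from the thread). Suite names follow OpenSSL's TLS 1.2 naming;
# the server strings and the client list below are constructed samples.
FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")  # ephemeral (EC)DH key exchange


def has_forward_secrecy(suite):
    """True if the suite name indicates an ephemeral Diffie-Hellman key exchange."""
    return suite is not None and suite.startswith(FS_PREFIXES)


def parse_cipher_string(cipher_string):
    """Return the explicit suite names of an SSLCipherSuite-style string, in order.

    Exclusion tokens such as !aNULL are skipped. Alias keywords (HIGH, EECDH, ...)
    need OpenSSL to expand them, so this sketch assumes explicit names only.
    """
    tokens = (t.strip() for t in cipher_string.split(":"))
    return [t for t in tokens if t and t[0] not in "!-+"]


def negotiate(server_order, client_order, honor_server_order):
    """Pick the first mutually supported suite from whichever side has preference."""
    preferred, other = (
        (server_order, client_order) if honor_server_order else (client_order, server_order)
    )
    supported = set(other)
    return next((s for s in preferred if s in supported), None)


# Constructed server configurations: same suites, different order.
RSA_FIRST = "AES128-SHA:AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!MD5"
ECDHE_FIRST = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:AES128-SHA:AES256-SHA:!aNULL:!MD5"
# Constructed client that prefers ECDHE but still offers a static-RSA suite.
CLIENT = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"]


def report(server_string, honor):
    """Return (negotiated suite, forward secrecy?) for the sample client."""
    suite = negotiate(parse_cipher_string(server_string), CLIENT, honor)
    return suite, has_forward_secrecy(suite)


if __name__ == "__main__":
    for label, cfg in (("RSA first", RSA_FIRST), ("ECDHE first", ECDHE_FIRST)):
        for honor in (False, True):
            state = "on" if honor else "off"
            print(f"{label:12} SSLHonorCipherOrder {state:3} -> {report(cfg, honor)}")
```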