Trying to get rid of RC4 encryption in WHM
So in short, the current version of Firefox is blocking access to one of my sites (domain.com) because it's using RC4 encryption. Reading up on the subject, I can understand why. The problem is, I can't for the life of me figure out what I'm doing wrong in changing it to -stop- using RC4. I am hosting through Bluehost at VPS level, which means I have access to WHM. Via Include Editor and what information I have on the subject, I have changed the Pre Main Includes for All Versions to have the following:
...because supposedly, that was an optimum security configuration (and most importantly, has no mention at all of RC4 in the first place. Doesn't work - according to tests, it still uses RC4. Likewise, using Global Configuration and entering that line in SSLCipherSuite, while accepted, still doesn't work. I've asked Bluehost, who basically pointed me at the Include Editor and an article on the subject and said 'you're on your own'; I figured that it might be smart to at least try asking here in case there's something I'm missing or something I need to do that I don't know about. What am I doing wrong, and what do I need to do to get my site to be secure (and thus viewable)?
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
...because supposedly, that was an optimum security configuration (and most importantly, has no mention at all of RC4 in the first place. Doesn't work - according to tests, it still uses RC4. Likewise, using Global Configuration and entering that line in SSLCipherSuite, while accepted, still doesn't work. I've asked Bluehost, who basically pointed me at the Include Editor and an article on the subject and said 'you're on your own'; I figured that it might be smart to at least try asking here in case there's something I'm missing or something I need to do that I don't know about. What am I doing wrong, and what do I need to do to get my site to be secure (and thus viewable)?
-
(Smiley faces are actually : and D, it apparently autoformats.) 0 -
Painfully so. Wrapping in code tags takes some of the pain away though. ;) 0 -
Hi, Did you manage to resolve this in the end as I'm also having this problem, made worse by the fact that Chrome 48.0.2564.82 m is now blocking RC4 Connections and so is blocking users to my site. I've tried changing the cipher code to the Mozilla intermediate recommended cipher but the changes haven't taken affect. Thanks, Mark 0 -
I've tried changing the cipher code to the Mozilla intermediate recommended cipher but the changes haven't taken affect.
Could you let us know which method you used to update the cipher protocols, and the exact entry you added? Thank you.0 -
I updated the cipher via WHM Home >> Service Configuration >> Apache Configuration >> Global Configuration Using cipher: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA Protocol: all -SSLv2 -SSLv3 0 -
Update This has now been resolved, Bluehost reinstalled the security certificate which fixed the problem. Thanks, Mark 0 -
I am happy to see the issue is now resolved. Thank you for updating us with the outcome. 0
Please sign in to leave a comment.
Comments
8 comments