Thought was SSL prob but provider says Apache config?
Hi All,
I've read through the forums and many G Search results for this but there's nothing relatively recent, taking into account the various negative press articles about SSL/TLS and so forth.
My VPS has an SSL installed, I'm getting the green padlock in Chrome etc at first glance but when I click the padlock it says that it is using an 'obsolete' cipher suite *please see screenshot*
Also, when checking the VPS SSL cert etc in Firefox, it says the following (at the bottom of the screenshot)
For e.g.
My mail-server configuration is set-up currently to use;
Cipher Suite: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
Protocols: !SSLv2 !SSLv3
There's no mention of TLS in the above, so I'm unsure what I am missing / doing wrong here.
Therefore, can somebody kindly share what is the latest and safest cipher suite and relevant protocols for me to use for my VPS as a whole (all 4 services), please? It would be very much appreciated and put me out of my misery.
Regards,
-
We had a cipher suite recommended by cPanel a couple of months ago, to fix a lot of browser issues. This needs to be changed in the following locations in WHM:
1) Apache General Config
2) Mailserver Config
3) cPanel Web services Config
4) Exim Advanced Configuration Editor (tls_require_ciphers)
5) cPanel Web Disk Config
The cipher suite is as follows (all one line):
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH
Once you have those changed, you can test a domain name with an SSL on that particular using the following:
-
Hi All,
I just sent the following email to my SSL provider;
I have used one of my 2 purchased RapidSSL certificates on my Virtual Private Server (VPS) to secure the Web Host Manager (WHM/cPanel) login etc, please see the attached screenshot; I have the green padlock in Google Chrome for e.g. but when I click this and go to the 'Connection' tab, it's saying I'm using an outdated cipher suite TLS1.2 but I have no clue which to choose better or how to change it. However, I need this SSL working flawlessly for obvious reasons. I'd be very appreciative of any help or guidance and I've tried following your install instructions etc but must be missing something somewhere. I'm using CentOS Linux, Apache 2.4 and cPanel for my VPS if it helps. I look forward to hearing from you in due course.
They then replied with the following;
Hello Robert. Thank you for the information. The message you are seeing in Chrome is not related to your SSL certificate. It is related to your server configuration. Here is information from Chrome's site about these messages.
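The two cipher strings quoted in this thread can be checked statically before they are pasted into WHM. The following is an added example, not part of any post and not cPanel's or OpenSSL's own tooling; the function names and the labels (forward secrecy taken as an ECDHE/DHE prefix, AEAD taken as GCM or CHACHA20 in the suite name) are assumptions of this example, and the result approximates rather than reproduces OpenSSL's expansion.

```python
import re
from collections import Counter

# The two cipher strings quoted in the thread above.
MAILSERVER = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP"
RECOMMENDED = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:"
    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
    "AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:"
    "AES128-SHA:AES256-SHA:DES-CBC3-SHA:"
    "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH"
)
# OpenSSL keywords that add weak or overly broad sets when not negated.
RISKY = {"ALL", "RC4", "3DES", "DES", "MD5", "EXP", "EXPORT", "LOW",
         "MEDIUM", "NULL", "eNULL", "aNULL", "ADH"}

def classify_suite(name):
    """Label one explicit suite name by its weakest property."""
    if "RC4" in name:
        return "RC4"
    if "DES-CBC3" in name:
        return "3DES"  # the DES keyword means single DES, so !DES keeps this
    if not name.startswith(("ECDHE-", "DHE-")):
        return "no-forward-secrecy"  # plain RSA key exchange
    if "GCM" not in name and "CHACHA20" not in name:
        return "cbc"
    return "ok"

def lint(cipher_string):
    """Return [(token, label)] for each token that adds suites."""
    tokens = [t for t in re.split(r"[:, ]+", cipher_string) if t]
    banned = {t[1:] for t in tokens if t.startswith("!")}  # '!' is permanent
    findings = []
    for token in tokens:
        if token[0] in "!-+":
            continue  # '!' and '-' remove suites; a leading '+' only reorders
        if "-" in token:  # explicit suite name
            label = classify_suite(token)
        else:  # keyword expression; '+' inside means logical AND
            risky = [p for p in token.split("+") if p in RISKY]
            label = risky[0] if risky else "keyword"
        if label not in banned:
            findings.append((token, label))
    return findings

def summary(cipher_string):
    return Counter(label for _, label in lint(cipher_string))
```

Running `openssl ciphers -v` with the same string on the server shows the authoritative expansion for that OpenSSL build.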