Locked out of WHM (SSLCipherSuite/SSLProtocol)
Hi guys,
I did exactly what cPanel Documentation said to be super cautious of if you're not an advanced user, which was editing the SSLCipherSuite and SSLProtocol in Home >> Service Configuration >> cPanel Web Services Configuration.
I thought I had it right, so I saved the configuration I set which was:
SSLCipherSuite:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!DSS:!EXP:!CAMELLIA:!DES:!MD5:!PSK:!RC4
SSLProtocol:
TLSv1.2
In hindsight, I don't really know what that level of security would prevent. I just figured it is secure and as long as my browser is the latest then I should've been fine. Apparently not :p
Could anyone tell me where I'd restore the defaults? (as I have root access via SSH still)
Thanks in advance!
-
Additional query - Can anyone tell me why it happened?
Firefox says: "An error occurred during a connection to srv.domain.com:2083. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP"
I understand that the browser and server couldn't agree on an encryption algorithm, but would anyone be able to explain the technical side of that? (because I thought latest browsers would support TLSv1.2 and the stronger cipher suites I had, so it'd be good to know what went wrong)
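An added example, not part of any post in this thread: a pre-flight check that expands a cipher string with the local OpenSSL and lists which TLS 1.2 suites remain for a given certificate key type, so an empty result is seen before the setting is saved. The function names are hypothetical, it assumes Python 3.7+ built against OpenSSL 1.1.1 or later, and it does not query cpsrvd or diagnose the server in the post.

```python
import ssl

# Cipher string copied from the first post on this page.
POSTED_SUITE = (
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
    "!aNULL:!eNULL:!DSS:!EXP:!CAMELLIA:!DES:!MD5:!PSK:!RC4"
)


def expand(cipher_string):
    """Return the TLS 1.2 suites the local OpenSSL selects for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # Raises ssl.SSLError when the string selects no usable suite at all.
    ctx.set_ciphers(cipher_string)
    # get_ciphers() also reports TLS 1.3 suites, which this string does not control.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def by_cert_type(suites):
    """Group suite names by the authentication (certificate key) type they need."""
    groups = {}
    for suite in suites:
        groups.setdefault(suite["auth"], []).append(suite["name"])
    return groups


def preflight(cipher_string, cert_key_type):
    """Return the suites usable with a certificate of cert_key_type ('rsa' or 'ecdsa').

    An empty list means no TLS 1.2 handshake can succeed with that certificate.
    """
    return by_cert_type(expand(cipher_string)).get("auth-" + cert_key_type, [])


if __name__ == "__main__":
    for key_type in ("rsa", "ecdsa"):
        usable = preflight(POSTED_SUITE, key_type)
        print(f"{key_type}: {len(usable)} suite(s)")
        for name in usable:
            print("   ", name)
```
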
Howdy,
Could I get you to file a ticket with our support team? This is likely going to involve some specifics that relate to your server or the certificate.
Thanks!
Thanks for the suggestion. Thought it might be a simple config cipher edit back to defaults somewhere but I guess not :p
I've rolled my server back to a snapshot I took one day before, so problem solved.
Thanks
I believe this is what the Original Poster was asking for.
On the "Home >> Service Configuration >> cPanel Web Services Configuration" page I edited the "TLS/SSL Protocols" text field. When I did this, I was no longer able to log in to WHM or cPanel. When I would try to, I would get this error in Edge/Chrome: ERR_SSL_PROTOCOL_ERROR
This is what I did to resolve this problem ...
STEP 1: I logged in via ssh
STEP 2: I opened the "ssl_socket_args" file using the nano file editor:
    nano /var/cpanel/conf/cpsrvd/ssl_socket_args
STEP 3: I then edited (fixed) this line and saved my changes:
    SSL_version=!SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1
STEP 4: I then recompiled Apache, restarted the apache service, and restarted the cpanel service ... all with this one line command:
    /scripts/buildhttpdconf; service httpd restart; service cpanel restart
After following these steps, I was able to log in to WHM and cPanel again. Hope this helps.
Thank you for letting us know your resolution!