How to set TLS cipher preference in WHM?
I don't do default settings because they rarely work even if they're properly configured. Case in point: TLS security. Immuniweb has a fantastic tool that I've been using over the past maybe decade at this point?
There is only one issue that I haven't figured out: how do I set the TLS cipher preference in WHM? To see what I'm referring to (there are no id attributes so you'll have to Control+F to find the header) scroll down to the "SERVER DOES NOT HAVE CIPHER PREFERENCE" header on this page:
https://www.immuniweb.com/ssl/jabcreations.com/KsGjtGBS/
So again, how do I set the TLS cipher preference in WHM?
Additionally, how do I set the cipher preference in WHM for different ports such as 993?
-
Hey there! The short answer - you don't, at least not through WHM.
The longer answer is that this isn't one of the values cPanel has included to be configured on the system. This isn't abnormal, as there are thousands of options inside of Apache, so we can't include all of them in the WHM interface even if we wanted to.
A bit of research shows that Apache can indeed control this through the SSLHonorCipherOrder value, but that isn't something you can adjust in WHM. You can add the following entry to /etc/apache2/conf.d/includes/pre_virtualhost_global.conf
SSLHonorCipherOrder on
and then restart Apache with this command:
/scripts/restartsrv_httpd
and then you'll see that option is working well in your online scan. Here's a test from my own system showing this:
As far as the other ports, it will all depend on the individual service, and they will all be configured differently. Some may not even have this option available. For example, you mentioned port 993, but it doesn't look like Dovecot itself even has such an option available, as discussed here:
https://serverfault.com/questions/975871/forcing-dovecot-2-3-4-1-to-use-tlsv1-2
Let me know if that helps!
1 -
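The edit described in the answer above, written as an idempotent shell helper. This is an added example, not cPanel's or the poster's own script; `ensure_honor_cipher_order` is a hypothetical name, and the sample file is constructed so the block runs without touching a real Apache include.

```sh
#!/bin/sh
# Added example; ensure_honor_cipher_order is a hypothetical helper name.
# Prints what it did: unchanged, rewritten, or appended.
ensure_honor_cipher_order() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }

    # Look only at active directives; commented lines have "#" in field 1.
    # Apache directive names and on/off values are case-insensitive.
    state=$(awk 'tolower($1) == "sslhonorcipherorder" {
                     seen = 1
                     if (tolower($2) != "on") bad = 1
                 }
                 END { print (bad ? "wrong" : (seen ? "ok" : "absent")) }' "$conf")

    if [ "$state" = ok ]; then
        echo unchanged
        return 0
    fi

    cp -p "$conf" "$conf.bak" || return 2    # keep a copy to roll back to

    if [ "$state" = wrong ]; then
        # Replace every active occurrence, leave everything else untouched.
        awk 'tolower($1) == "sslhonorcipherorder" { print "SSLHonorCipherOrder on"; next }
             { print }' "$conf.bak" > "$conf" || return 2
        echo rewritten
    else
        # Do not glue the directive onto an unterminated last line.
        if [ -n "$(tail -c1 "$conf")" ]; then echo >> "$conf"; fi
        echo 'SSLHonorCipherOrder on' >> "$conf"
        echo appended
    fi
}

# Constructed sample include standing in for the real file.
demo=$(mktemp)
printf '%s\n' '# SSLHonorCipherOrder on' 'SSLHonorCipherOrder off' > "$demo"
ensure_honor_cipher_order "$demo"    # rewritten
ensure_honor_cipher_order "$demo"    # unchanged
rm -f "$demo" "$demo.bak"
```

On a live server, run `apachectl configtest` after the edit and before `/scripts/restartsrv_httpd`, and restore the `.bak` copy if the syntax check fails.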
Rex, thank you for the response and answer! It worked like a charm and now that test passes with zero flaws...at least that one. I'll post a few more server configuration questions over the course of this week.
0 -
Glad to hear that worked!
0