jestep

  • Total activity 42
  • Last activity
  • Member since
  • Following 0 users
  • Followed by 0 users
  • Votes 0
  • Subscriptions 7

Activity overview

Latest activity by jestep
  • jestep created a post,

    TLS 1.2 Poodle Vulnerability for WHM and Cpanel Ports

    Just started failing PCI on a server for a poodle vulnerability for WHM and Cpanel ports, 2083 and 2087. CVE's are: 2015-4078 2014-8730 2015-5369 This server has been running for years right now ...

  • jestep commented,

    That leaves FTP (PureFTPd) and Web (Apache). What should those ciphersuites and SSL versions be set to? For Apache, we're running: All -SSLv2 -SSLv3 -TLSv1 and ECDHE-ECDSA-CHACHA20-POLY1305:ECD...

  • jestep commented,

    Pure FTP is working with: AES128+EECDH:AES128+EDH:!SSLv2:!SSLv3:!3DES For cpanel web service configuration, I have: HIGH:!aNULL:!eNULL:!PSK:!RC4:!MD5:!DES SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1 Fa...

  • jestep commented,

    FTP: AES128+EECDH:AES128+EDH:!TLSv1:!TLSv1_1:!SSLv2:!SSLv3 Re-digging this up. Our FTP servers won't start when using this cipher configuration. Are you running Pure FTP on your setups?

  • jestep created a post,

    Modsecurity CMC whitelist being ignored

    This is a huge annoyance. Using configserver CMC. The configserver forums are basically dead so posting here to see if anyone else has had the same problem. Basically the mod_security CMC whitelist...

  • jestep commented,

    So, I restarted apache, and the time went back down to below 1 second. After a few minutes, it's bouncing between about 5 and 10, and now it's back up to 30 seconds.

  • jestep created a post,

    Extremely slow SSL after migration to new server

    We're in the process of migrating a bunch of sites to a new linode cpanel server. Server is setup running CentOS7, 16Gb of RAM. We wanted MPM ITK with the new server and no longer had the option ...

  • jestep commented,

    Looks like the Diffie Hellman - AECDH cipher suite is a failing condition now for TLS 1.1 and TLS 1.2. These are being used only by cpanel/whm services. Were these the same ones yours was failing o...

  • jestep commented,

    Digging this back up. Anyone have a clue if Microsoft is going to do anything to make outlook compatible with TLS v1.1 or 1.2? I've found some manual instructions but not exactly convenient to do r...

  • jestep commented,

    Well, we tried switching to pro ftp and it's a complete disaster. Had so many problems with it that it's not really usable or ours is completely broken. Getting these errors on directories named l...