jestep
- Total activity 42
- Last activity
- Member since
- Following 0 users
- Followed by 0 users
- Votes 0
- Subscriptions 7
Activity overview
Latest activity by jestep-
jestep created a post,
TLS 1.2 Poodle Vulnerability for WHM and Cpanel Ports
Just started failing PCI on a server for a poodle vulnerability for WHM and Cpanel ports, 2083 and 2087. CVE's are: 2015-4078 2014-8730 2015-5369 This server has been running for years right now ...
-
jestep commented,
That leaves FTP (PureFTPd) and Web (Apache). What should those ciphersuites and SSL versions be set to? For Apache, we're running: All -SSLv2 -SSLv3 -TLSv1 and ECDHE-ECDSA-CHACHA20-POLY1305:ECD...
-
jestep commented,
Pure FTP is working with: AES128+EECDH:AES128+EDH:!SSLv2:!SSLv3:!3DES For cpanel web service configuration, I have: HIGH:!aNULL:!eNULL:!PSK:!RC4:!MD5:!DES SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1 Fa...
-
jestep commented,
FTP: AES128+EECDH:AES128+EDH:!TLSv1:!TLSv1_1:!SSLv2:!SSLv3 Re-digging this up. Our FTP servers won't start when using this cipher configuration. Are you running Pure FTP on your setups?
-
jestep created a post,
Modsecurity CMC whitelist being ignored
This is a huge annoyance. Using configserver CMC. The configserver forums are basically dead so posting here to see if anyone else has had the same problem. Basically the mod_security CMC whitelist...
-
jestep commented,
So, I restarted apache, and the time went back down to below 1 second. After a few minutes, it's bouncing between about 5 and 10, and now it's back up to 30 seconds.
-
jestep created a post,
Extremely slow SSL after migration to new server
We're in the process of migrating a bunch of sites to a new linode cpanel server. Server is setup running CentOS7, 16Gb of RAM. We wanted MPM ITK with the new server and no longer had the option ...
-
jestep commented,
Looks like the Diffie Hellman - AECDH cipher suite is a failing condition now for TLS 1.1 and TLS 1.2. These are being used only by cpanel/whm services. Were these the same ones yours was failing o...
-
jestep commented,
Digging this back up. Anyone have a clue if Microsoft is going to do anything to make outlook compatible with TLS v1.1 or 1.2? I've found some manual instructions but not exactly convenient to do r...
-
jestep commented,
Well, we tried switching to pro ftp and it's a complete disaster. Had so many problems with it that it's not really usable or ours is completely broken. Getting these errors on directories named l...