JamesOakley

1. Community
2. Miscellaneous
3. Custom Content in Paper Lantern - Specific Pages Only

Thanks Adam I wrote a great long reply to you, splitting your post into multiple parts to answer each question. Then I spotted what had happened, so I don't need my long reply. [QUOTE=http://blo...

• View comment
• JamesOakley
• December 03, 2014 14:43
• 0 votes

1. Community
2. Domain Management
3. [Case 128077] DNSOnly check_valid_server_hostname sends invalid alert

Just to add my 2p: I've hit the same issue. The correct, new, hostname is already showing in both /etc/sysconfig/network and with the hostname command. Yet I still get the error when I run /scripts...

• View comment
• JamesOakley
• November 23, 2014 06:35
• 0 votes

1. Community
2. Security
3. SSLv3 Vulnerability : http://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols

Two questions about 11.44.1.19 1. The ChangeLog says the SSLProtocol setting for Exim is now configurable through WHM. I could find all the other services, but I couldn't find Exim. Where do you s...

• View comment
• JamesOakley
• October 23, 2014 08:55
• 0 votes

1. Community
2. Security
3. SSLv3 Vulnerability : http://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols

In 11.44.1.19, on WHM " Service Configuration " Apache Configuration " Global Configuration, the field to set SSLProtocol has the label "SSL/TLS Cipher Suite". Is that a typo? (The expandable help ...

• View comment
• JamesOakley
• October 23, 2014 08:34
• 0 votes

1. Community
2. Security
3. SSLv3 Vulnerability : http://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols

]Check the link I posted previously. Some involve editing the cipher line because the specific services in question, which are third-party to cPanel, don't have protocol-level definitions. That i...

• View comment
• JamesOakley
• October 20, 2014 08:22
• 0 votes

1. Community
2. Security
3. SSLv3 Vulnerability : http://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols

]Why is it cPanel's responsibility to do this for any service other than cPanel/WHM itself? There are numerous instructions here on how to disable SSLv3 across the board. Because most of the inst...

• View comment
• JamesOakley
• October 19, 2014 22:16
• 0 votes

1. Community
2. Security
3. SSLv3 Vulnerability : http://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols

]All, I've been repeatedly asked to post something about this to my site, so I did: [url=http://thecpaneladmin.com/disabling-support-for-sslv3-on-a-cpanel-server/]de-POODLE-ing: How to Disable S...

• View comment
• JamesOakley
• October 19, 2014 08:08
• 0 votes

1. Community
2. Security
3. SSLv3 Vulnerability : http://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols

Picking up on what several people have said in this thread (and this may help @rohroh1974): You shouldn't be changing the SSLCiphers at all. SSLProtocol is the only thing that needs changing (well,...

• View comment
• JamesOakley
• October 16, 2014 07:08
• 0 votes

1. Community
2. Security
3. SSLv3 Vulnerability : http://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols

That would remove TLS1.0 and TLS1.1 as well. Just add one line to the pre_main_global.conf file: SSLProtocol ALL -SSLv2 -SSLv3 and restart Apache. That protects Apache, but not Exim, Dovecot, Pu...

• View comment
• JamesOakley
• October 15, 2014 21:43
• 0 votes

1. Community
2. Security
3. SSLv3 Vulnerability : http://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols

But TLS_FALLBACK_SCSV only prevents forced downgrades, and I'm pretty sure that's not the only vector that makes SSLv3 problematic.

• View comment
• JamesOakley
• October 15, 2014 21:13
• 0 votes