BuycPanel Blog

BuycPanel Blog

Latest news and updates

Adjusting of Cipher Protocols

Posted by Allura on 03 08 2018.

A Brief Introduction On Adjusting Of Cipher Protocols

In securing connections between client software and the server, most cPanel and WHM-managed services requires the usage of OpenSSL. OpenSSL has two primary settings: one is the cipher and another is the protocol.

Cipher

A cipher can be referred to as a specific encryption algorithm. This is a kind of setting that grants the user to allow or disallow ciphers individually or by category.

Protocol

A protocol, whereas, can be referred as a way in which the system makes a use of ciphers. This is a kind of setting that grants the user to allow or disallow individual protocols or categories of protocols.

There are certain interfaces and options in cPanel and WHM that allows one to figure out the cipher and protocol list of services that makes an efficient use of OpenSSL. They are:

cPanel and WHM (cpsrvd)

If the service is of cPanel and WHM (cpsrvd):

  • Cipher: One must adjust the cipher string for the cPanel, WHM, and Webmail interfaces in WHM’s cPanel Web Services Configuration interface (WHM >> Home >> Service Configuration >> cPanel Web Services Configuration).
  • Protocol: One must adjust the protocol string for the cPanel, WHM, and Webmail interfaces in WHM’s cPanel Web Services Configuration interface (WHM >> Home >> Service Configuration >> cPanel Web Services Configuration).

This interface uses the SSLv23:!SSLv2:!SSLv3 style protocol syntax.

Web Disk (cpdavd)

If the service is of Web Disk (cpdavd):

  • Cipher: must adjust the cipher string for the Web Disk feature in WHM’s cPanel Web Disk Configuration interface (WHM >> Home >> Service Configuration >> cPanel Web Disk Configuration ).
  • Protocol: One must adjust the protocol string for the Web Disk Conference interface (WHM >> Home >> Service Configuration >> cPanel Web Disk Configuration).

This interface uses the SSLv23:!SSLv2:!SSLv3 style protocol syntax.

Courier

If the service is of Courier:

  • Cipher: One must adjust the cipher string for Courier mail services (IMAP or POP3) in WHM’s Mailserver Configuration interface (WHM >> Home >> Service Configuration >> Mailserver Configuration). It must be kept in mind that this interface provides separate settings for IMAP and POP3.
  • Protocol: One must adjust the protocol string for Courier mail services (IMAP or POP3) in WHM’s Mailserver Configuration interface (WHM >> Home >> Service Configuration >> Mailserver Configuration).

Due to its certain limitations, this interface allows one to switch between all protocols or a single protocol.

Dovecot

If the service is of Dovecot:

  • Cipher: One must adjust the cipher string for Dovecot mail services (IMAP or POP3) in WHM’s Mailserver Configuration interface (WHM >> Home >> Service Configuration >> Mailserver Configuration).
  • Protocol: One must adjust the protocol string for Dovecot mail services (IMAP or POP3) in WHM’s Mailserver Configuration interface (WHM >> Home >> Service Configuration >> Mailserver Configuration).

This interface accepts a string that implies All by default, such as !SSLv2 !SSLv3.

Conclusion

These are the ways of adjusting Cipher Protocols. These ways require certain interface for its proper working.