How do you Adjust Cipher Protocols?
Posted by Allura on 07 01 2019.
A General Overview
Open SSL is used by most of the cPanel and WHM managed services in order to provide secure and protected connections between the server and client’s software. cPanel and WHM makes use of that particular version of Open SSL that is provided by the base operating system. The two primary settings allowed by Open SSL are ciphers and protocols.
A specific encryption algorithm is referred to as ciphers. This setting also has the capability of allowing the user to enable and disable ciphers individually or categorically. When a system is hacked, most attacks or viruses against the SSL modified data, as they travel between the server and the client- targets weaknesses in particular ciphers. For instance, the POODLE attack targets the weak spots of the SSLv3 protocol.
The following interfaces and options in cPanel and the WHM allow you to adjust the cipher protocols:
- cPanel and WHM (cpsrvd)- In WHM’s cPanel’s Web Services Configuration Interface, the cipher string can be adjusted for cPanel, WHM and Webmail interfaces (WHM >> Home >> Service Configuration >> cPanel Web Services Configuration). This interface makes use of the SSLv23 : SSLv2 : SSLv3 protocol syntax.
- Web Disk (cpdavd)- Here, the cipher string can be adjusted by making use of the cPanel Web Disk Configuration. The protocol syntax used here is same as the one mentioned in the first point.
- Courier- The cipher string to the Courier mail services can be adjusted in the Mailserver Configuration interface of WHM. Owing to limitations in Courier, this interface merely allows a user to toggle between all the protocols or a single protocol.
- Dovecot- The cipher string to Dovecot mail services can also be adjusted in the Mailserver Coniguration of the WHM. This particular interface accepts only a string that implies everything by default, such as !SSLv2 and !SSLv3.
- Apache- The cipher string of Apache’s can be adjusted in the WHM’s Global Configuration interface. This interface also accepts protocol strings such as All –SSLv2 and –SSLv3.
- Exim- In the version 66 of cPanel and WHM, simple changes can be toggled in the Security tab of the Basic Editor section which displays the cipher list. This section is present in the Exim Configuration Manager interface. The Exim cipher’s list can also be entirely configured by customizing your settings in the Advanced Editor section. This protocol accepts exim specific settings such as +no_SSLv2 and +no_SSLv3.