Cyphers and SSL Protocols
Posted by Will Kruss on 17 March 2020 05:13 PM
|
|
If you are concerned about ensuring you have the latest cyphers and SSL protocols supported, to get an A rating at ssllabs.com then in cPanel you should go to the Apache Configuration -> Global Configuration To enable TLS v1.2 and higher your protocol should read: all -SSLv3 -TLSv1 -TLSv1.1 The cypher list at the time of writing should read: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 However, you may wish to grab the latest cypher list at the Mozilla SSL configuration generator at: https://ssl-config.mozilla.org/ If you'd like us to help set this correctly, please send a ticket to support@vpsblocks.com.au and we're happy to help. Note that by setting this legacy (outdated) browsers and systems are unlikely to be able to connect successfully to your website or email. | |
|