Knowledgebase
Knowledgebase
Cyphers and SSL Protocols
Posted by Will Kruss on 17 March 2020 05:13 PM

If you are concerned about ensuring you have the latest cyphers and SSL protocols supported, to get an A rating at ssllabs.com then in cPanel you should go to the Apache Configuration -> Global Configuration

To enable TLS v1.2 and higher your protocol should read:

all -SSLv3 -TLSv1 -TLSv1.1

The cypher list at the time of writing should read:

ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

However, you may wish to grab the latest cypher list at the Mozilla SSL configuration generator at: https://ssl-config.mozilla.org/

If you'd like us to help set this correctly, please send a ticket to support@vpsblocks.com.au and we're happy to help.

Note that by setting this legacy (outdated) browsers and systems are unlikely to be able to connect successfully to your website or email.

(0 vote(s))
Helpful
Not helpful