cPanel

cPanel Web Services Configuration

Valid for versions 88 through the latest version

Version:

82

86

88


Overview

The system uses cipher suites to negotiate security settings for network connections over TLS/SSL. This interface allows you to edit the TLS/SSL Cipher List and TLS/SSL Protocol list for cPanel, WHM, and Webmail.

Warning:

We recommend that only advanced users edit the cipher and protocol lists.

Important:

cPanel & WHM supports Transport Layer Security (TLS) protocol version 1.2 and Transport Layer Security (TLS) protocol version 1.3:

  • cPanel & WHM only supports TLSv1.2 or newer. The system enables TLSv1.2 by default.
  • Not all clients will support TLSv1.3, which requires OpenSSL 1.1.1 or higher.

Defaults

By default, cPanel & WHM uses the following cipher list for web services:

Click to view…

ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

By default, cPanel & WHM uses the following protocol list for web services:

Click to view…

SSLv23:!SSLv2:!SSLv3:!TLSv1:!TLSv1_1

Edit the cipher list

To edit the cipher list, enter the appropriate cipher in the text box and click Save.

Note:
  • The default cipher list is PCI compliant. To edit the cipher list to improve the security level on your server, read Apache’s SSLCipherSuite Directive documentation.

  • We do not recommend that you edit the cipher list to lower the security level. Make certain that the cipher suite uses at least 128-bit encryption.

Edit the protocol list

To edit the protocol list, enter the appropriate protocol list in the text box and click Save.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *