Page tree
Skip to end of metadata
Go to start of metadata

For cPanel & WHM version 68

(WHM >> Home >> Service Configuration >> cPanel Web Services Configuration)

Overview

The system uses cipher suites to negotiate security settings for network connections over TLS/SSL. This interface allows you to edit the TLS/SSL Cipher List for cPanel, WHM, and Webmail.

Warning:

As of cPanel & WHM version 68, we only support Transport Layer Security (TLS) protocol version 1.2

  • We will only support applications that use TLSv1.2.
  • We strongly recommend that you enable TLSv1.2 on your server. 

Important:

We recommend that only advanced users edit the cipher list.

Defaults

By default, cPanel & WHM uses the following protocol list for web services:

SSLv23:!SSLv2:!SSLv3

By default, cPanel & WHM uses the following cipher list for web services:

 Click to view...
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

Edit the cipher list

To edit the cipher list, enter the appropriate cipher in the text box and click Save.

Notes:

  • The default cipher list is PCI compliant. To edit the cipher list to improve the security level on your server, read Apache's SSLCipherSuite Directive documentation.
  • We do not recommend that you edit the cipher list to lower the security level. Make certain that the cipher suite uses at least 128-bit encryption.

Additional documentation