cPanel Web Services Configuration

(WHM >> Home >> Service Configuration >> cPanel Web Services Configuration)

Overview

The system uses cipher suites to negotiate security settings for network connections over TLS/SSL. This interface allows you to edit the TLS/SSL Cipher List and TLS/SSL Protocol list for cPanel, WHM, and Webmail.

Warning:

As of cPanel & WHM version 68, we only support Transport Layer Security (TLS) protocol version 1.2.

We will only support applications that use TLSv1.2.
We strongly recommend that you enable TLSv1.2 on your server.

Important:

We recommend that only advanced users edit the cipher and protocol lists.

Defaults

By default, cPanel & WHM uses the following cipher list for web services:

Click to view...

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

By default, cPanel & WHM uses the following protocol list for web services:

Click to view...

SSLv23:!SSLv2:!SSLv3

Edit the cipher list

To edit the cipher list, enter the appropriate cipher in the text box and click Save.

Notes:

The default cipher list is PCI compliant. To edit the cipher list to improve the security level on your server, read Apache's SSLCipherSuite Directive documentation.
We do not recommend that you edit the cipher list to lower the security level. Make certain that the cipher suite uses at least 128-bit encryption.

Edit the protocol list

To edit the protocol list, enter the appropriate protocol list in the text box and click Save.

Additional documentation

Page:

cPanel Web Services Configuration
Page:

The checkallsslcerts Script
Page:

Manage Service SSL Certificates
Page:

Purchase and Install an SSL Certificate
Page:

Tweak Settings - Redirection

Page:

Private Keys - KEY
Page:

Certificates - CRT
Page:

Certificate Signing Requests - CSR
Page:

Encryption
Page:

SSL TLS Wizard

Page:

cPanel Web Services Configuration
Page:

How to Adjust Cipher Protocols
Page:

How to Disable the cPanel Store as an SSL Certificate Provider in WHM
Page:

Guide to SSL
Page:

Service Subdomains Use the cPanel Service SSL

Page:

UAPI Functions - SSL::toggle_ssl_redirect_for_domains
Page:

UAPI Functions - SSL::can_ssl_redirect
Page:

UAPI Functions - WebVhosts::list_ssl_capable_domains
Page:

UAPI Functions - SSL::install_ssl
Page:

Tutorial - Call UAPI's SSL::install_ssl Function in Custom Code

Child pages