Last year a previously theoretical attack surfaced which can allow TLS security to be manipulated and weakened, it’s a simple attack and one which a simple configuration change can patch. Learn more about the BEAST attack on TLS here.
To patch Apache in cPanel is a simple 2 step process.
Step 1:
Login to WHM and navigate to: Service Configuration -> Apache Configuration -> Global Configuration
Here select the custom option for “SSL Cipher Suite” and enter the following:
ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
Click Save, then click, Rebuild Configuration and Restart Apache to compile the config change.
Step 2:
In WHM navigate to: Service Configuration -> Apache Configuration -> Include Editor
Select “All Versions” under the “Pre VirtualHost Include” section.
In the text box enter the following:
SSLHonorCipherOrder On
Click Update, then Restart Apache.
Your cPanel server should now be patched against the BEAST TLS attack, you can verify this using a security checking tool such as SSLLabs.
Thanks, worked like a charm.