How to secure a cPanel server against BEAST attacks

Last year a previously theoretical attack surfaced which can allow TLS security to be manipulated and weakened, it’s a simple attack and one which a simple configuration change can patch. Learn more about the BEAST attack on TLS here.

To patch Apache in cPanel is a simple 2 step process.

Step 1:

Login to WHM and navigate to: Service Configuration -> Apache Configuration -> Global Configuration

Here select the custom option for “SSL Cipher Suite” and enter the following:

ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

Click Save, then click, Rebuild Configuration and Restart Apache to compile the config change.

Step 2:

In WHM navigate to: Service Configuration -> Apache Configuration -> Include Editor

Select “All Versions” under the “Pre VirtualHost Include” section.

In the text box enter the following:

SSLHonorCipherOrder On

Click Update, then Restart Apache.

Your cPanel server should now be patched against the BEAST TLS attack, you can verify this using a security checking tool such as SSLLabs.

Exit mobile version

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close