{"id":490,"date":"2020-11-30T09:16:11","date_gmt":"2020-11-30T09:16:11","guid":{"rendered":"http:\/\/velaninfo.com\/resources\/?post_type=techtips&p=490"},"modified":"2021-09-29T12:58:59","modified_gmt":"2021-09-29T12:58:59","slug":"cpanel-whm-server","status":"publish","type":"techtips","link":"https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/","title":{"rendered":"How to protect your cPanel\/WHM server from SSLv3 POODLE vulnerability?"},"content":{"rendered":"

Browsers like Firefox and IE reported that SSLv3 is disabled. OpenSSL provides fixes for SSLv3 for major distros at cPanel\/WHM server.<\/p>\n

The SSL 3.0 vulnerability through a man-in-the-middle attack can allow an attacker to break into a secure session.<\/p>\n

The fix is to disable the CBC ciphers in the cPanel\/WHM<\/p>\n

The below script checks the cPanel and WHM server is vulnerable. The following script needs to be executed in root login. If you receive any cipher output, the cPanel and WHM server may be considered vulnerable.<\/p>\n

for port in 21 443 465 993 995 2083 2087 2078 2096; do echo “Scanning $port”; for cipher in $(OpenSSL ciphers -sslv3 ‘ALL:eNULL’ | sed -e ‘s\/:\/ \/g’); do echo -n | OpenSSL s_client -sslv3 -cipher “$cipher” -connect xyz.xyz.xyz.xyz:$port 2>&1 | grep -i “Cipher is”; done; done<\/em><\/p>\n

Note: Replace the xyz.xyz.xyz.xyz with your server IP<\/strong><\/p>\n

Below are the steps to disable the SSL3.0 in the cPanel\/WHM servers<\/p>\n

HTTP \u2013 Apache <\/strong><\/p>\n

Login to your WHM and click on Service Configuration -> Apache Configuration -> Global Configuration and set the SSL Cipher Suite to one below<\/p>\n

ALL:!ADH:!RC4:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH<\/em><\/p>\n

Click on Service Configuration -> Apache Configuration – > Include Editor and add the following in the Pre Main Include<\/em><\/p>\n

SSLProtocol All -SSLv2 -SSLv3<\/p>\n

SSLCipherSuite EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256<\/p>\n

SSLHonorCipherOrder on<\/p>\n

Restart Apache services<\/p>\n

HTTP \u2013 Nginx<\/strong><\/p>\n

Go to the Nginx configuration and change the following line to<\/p>\n

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;<\/p>\n

to<\/p>\n

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<\/p>\n

Restart Nginx services<\/p>\n

SMTP \u2013 Exim<\/strong><\/p>\n

Login to your WHM<\/strong><\/a> and click on Service Configuration -> Exim Configuration Manager -> Advanced Editor and set the tls_require_ciphers to one below<\/p>\n

ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:!SSLv2<\/p>\n

Restart Exim services.<\/p>\n

POP\/IMAP \u2013 Courier-IMAP \/ Dovecot<\/strong><\/p>\n

Login to your WHM and click on Service Configuration -> Mailserver Configuration and change the SSL Cipher List to the one below<\/p>\n

ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2<\/p>\n

FTP \u2013 Pure-FTP \/ Pro-FTP<\/strong><\/p>\n

Login to your WHM and click on Service Configuration -> FTP Server Configuration and change the tls Cipher Suite to one below<\/p>\n

HIGH:!aNULL:!eNULL:!PSK:!RC4:!MD5:!TLSv1:!SSLv2:!SSLv3<\/p>\n

cPanel Web Services<\/strong><\/p>\n

Login to your WHM and click on Service Configuration -> cPanel Web Services Configuration set the TLS\/SSL Cipher List to the one below<\/p>\n

ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH<\/p>\n

 <\/p>\n

cPanel Web Disk<\/strong><\/p>\n

Login to your WHM and click on Service Configuration -> cPanel Web Disk Configuration and change TLS\/SSL Cipher to the one below<\/p>\n

ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:!RC4:HIGH:!MD5:!aNULL:!EDH<\/p>\n

At Velan<\/a>, our server support engineers can help you fix the cPanel\/WHM server from SSLv3 POODLE vulnerability issue. For details, please visit managed it services for small business\u00a0<\/strong><\/a><\/p>\n

 <\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Browsers like Firefox and IE reported that SSLv3 is disabled. OpenSSL provides fixes for SSLv3 for major distros at cPanel\/WHM server. The SSL 3.0 vulnerability through a man-in-the-middle attack can allow an attacker to break into a secure session. The fix is to disable the CBC ciphers in the cPanel\/WHM The below script checks the… Continue Reading \"Continue<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"footnotes":""},"tags":[],"class_list":["post-490","techtips","type-techtips","status-publish","hentry","Categories_tech_tip-cpanel-whm","Categories_tech_tip-linux","Categories_tech_tip-security","Categories_tech_tip-server"],"yoast_head":"\ncPanel\/WHM server | How to protect from SSLv3 POODLE vulnerability<\/title>\n<meta name=\"description\" content=\"Steps to protect your cPanel\/WHM server from SSLv3 POODLE vulnerability issue | Velan offers Remote Server Support Services\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to protect your cPanel\/WHM server from SSLv3 POODLE vulnerability?\" \/>\n<meta property=\"og:description\" content=\"Steps to protect your cPanel\/WHM server from SSLv3 POODLE vulnerability issue | Velan offers Remote Server Support Services\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/\" \/>\n<meta property=\"og:site_name\" content=\"Velan\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-29T12:58:59+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/\",\"url\":\"https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/\",\"name\":\"cPanel\/WHM server | How to protect from SSLv3 POODLE vulnerability\",\"isPartOf\":{\"@id\":\"https:\/\/www.velaninfo.com\/rs\/#website\"},\"datePublished\":\"2020-11-30T09:16:11+00:00\",\"dateModified\":\"2021-09-29T12:58:59+00:00\",\"description\":\"Steps to protect your cPanel\/WHM server from SSLv3 POODLE vulnerability issue | Velan offers Remote Server Support Services\",\"breadcrumb\":{\"@id\":\"https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.velaninfo.com\/rs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Tech Tips\",\"item\":\"https:\/\/www.velaninfo.com\/rs\/techtips\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"How to protect your cPanel\/WHM server from SSLv3 POODLE vulnerability?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.velaninfo.com\/rs\/#website\",\"url\":\"https:\/\/www.velaninfo.com\/rs\/\",\"name\":\"Velan\",\"description\":\"Velaninfo Services India Pvt Ltd\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.velaninfo.com\/rs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"cPanel\/WHM server | How to protect from SSLv3 POODLE vulnerability","description":"Steps to protect your cPanel\/WHM server from SSLv3 POODLE vulnerability issue | Velan offers Remote Server Support Services","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/","og_locale":"en_US","og_type":"article","og_title":"How to protect your cPanel\/WHM server from SSLv3 POODLE vulnerability?","og_description":"Steps to protect your cPanel\/WHM server from SSLv3 POODLE vulnerability issue | Velan offers Remote Server Support Services","og_url":"https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/","og_site_name":"Velan","article_modified_time":"2021-09-29T12:58:59+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/","url":"https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/","name":"cPanel\/WHM server | How to protect from SSLv3 POODLE vulnerability","isPartOf":{"@id":"https:\/\/www.velaninfo.com\/rs\/#website"},"datePublished":"2020-11-30T09:16:11+00:00","dateModified":"2021-09-29T12:58:59+00:00","description":"Steps to protect your cPanel\/WHM server from SSLv3 POODLE vulnerability issue | Velan offers Remote Server Support Services","breadcrumb":{"@id":"https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.velaninfo.com\/rs\/techtips\/cpanel-whm-server\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.velaninfo.com\/rs\/"},{"@type":"ListItem","position":2,"name":"Tech Tips","item":"https:\/\/www.velaninfo.com\/rs\/techtips\/"},{"@type":"ListItem","position":3,"name":"How to protect your cPanel\/WHM server from SSLv3 POODLE vulnerability?"}]},{"@type":"WebSite","@id":"https:\/\/www.velaninfo.com\/rs\/#website","url":"https:\/\/www.velaninfo.com\/rs\/","name":"Velan","description":"Velaninfo Services India Pvt Ltd","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.velaninfo.com\/rs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/techtips\/490","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/techtips"}],"about":[{"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/types\/techtips"}],"author":[{"embeddable":true,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/comments?post=490"}],"version-history":[{"count":8,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/techtips\/490\/revisions"}],"predecessor-version":[{"id":1421,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/techtips\/490\/revisions\/1421"}],"wp:attachment":[{"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/media?parent=490"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/tags?post=490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}