Current SSL cipher lists for DirectAdmin servers

Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"

Top Level » System Level

Current SSL cipher lists for DirectAdmin serversLast Modified: Apr 12, 2016, 4:41 pm
Here is the current SSL cipher list for DirectAdmin servers.
Take note of the Last Modified date, to the top right of the guide.
Included are the paths to edit, and values to use.

1) Apache:


SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite HIGH:!aNULL:!MD5

If you wish to have a more secure list of ciphers, as the cost of blocking some older clients, you can use this guide.

2) Nginx/Proxy


ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

3) Dovecot: 2.1+


ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

4) Exim: 4.80+


openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

5) DirectAdmin: current binaries only allow TLSv1.2



Binaries older than October 16, 2014 use this:


If you're using an OS that doesn't support TLSv1.2 (aka: CentOS 5), then you'd have no choice but to get the newer pre-release binaries, or wait for 1.46.3.

6) Pure-FTPd:



7) ProFTPd:


TLSProtocol TLSv1

Once all services are set, restart all services.

Related thread:

Handy cipher generator

Related Helpfiles
How to check your SSL ciphers to make sure they don't accept SSLv3
I want to use different ciphers with Apache, using CustomBuild 2.0

2003 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST