| ||
| ||
| Here is the current SSL cipher list for DirectAdmin servers. Take note of the Last Modified date, to the top right of the guide. Included are the paths to edit, and values to use. 1) Apache: /etc/httpd/conf/extra/httpd-ssl.conf SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 2) Nginx/Proxy /etc/nginx/nginx-defaults.conf ssl_protocols TLSv1.2 TLSv1.3; 3) Dovecot: 2.3 /etc/dovecot/conf/ssl.conf ssl_min_protocol = TLSv1.1 4) Exim: 4.91 /etc/exim.variables.conf openssl_options=+no_sslv2 +no_sslv3 5) DirectAdmin: current binaries only allow TLSv1.2 /usr/local/directadmin/conf/directadmin.conf ssl_cipher=HIGH:!aNULL:!MD5 Binaries older than October 16, 2014 use this: ssl_cipher=ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP If you're using an OS that doesn't support TLSv1.2 (aka: CentOS 5), then you'd have no choice but to get the newer pre-release binaries, or wait for 1.46.3. 6) Pure-FTPd: /etc/init.d/pure-ftpd OPTIONS="${OPTIONS} -Y 1 -J -S:HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3" 7) ProFTPd: /etc/proftpd.conf TLSProtocol TLSv1 Once all services are set, restart all services. Related thread: http://forum.directadmin.com/showthread.php?t=50099 Handy cipher generator | ||
| Related Helpfiles | ||
| How to check your SSL ciphers to make sure they don't accept SSLv3 | ||
| I want to use different ciphers with Apache, using CustomBuild 2.0 | ||
| Changing your SSL/TLS/cipher lists in dovecot |
© 2018 JBMC Software, Suite 173 3-11 Bellerose Drive, St Albert, AB T8N 1P7 Canada. Mon-Fri 9AM-5PM MST