Current SSL cipher lists for DirectAdmin servers

Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"

Top Level » System Level

Current SSL cipher lists for DirectAdmin serversLast Modified: Nov 11, 2019, 4:25 pm
Here is the current SSL cipher list for DirectAdmin servers.
Take note of the Last Modified date, to the top right of the guide.
Included are the paths to edit, and values to use.

1) Apache:


SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder     off

If you wish to have a more secure list of ciphers, as the cost of blocking some older clients, you can use this guide.

2) Nginx/Proxy


ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;

3) Dovecot: 2.3


ssl_min_protocol = TLSv1.1
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

Changing your SSL/TLS/cipher lists in dovecot

4) Exim: 4.91


openssl_options=+no_sslv2 +no_sslv3

See this guide on how to change the exim.variables.conf settings via the exim.variables.conf.custom file.

5) DirectAdmin: current binaries only allow TLSv1.2



Binaries older than October 16, 2014 use this:


If you're using an OS that doesn't support TLSv1.2 (aka: CentOS 5), then you'd have no choice but to get the newer pre-release binaries, or wait for 1.46.3.

6) Pure-FTPd:



7) ProFTPd:


TLSProtocol TLSv1

Once all services are set, restart all services.

Related thread:

Handy cipher generator

Related Helpfiles
How to check your SSL ciphers to make sure they don't accept SSLv3
I want to use different ciphers with Apache, using CustomBuild 2.0
Changing your SSL/TLS/cipher lists in dovecot

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST