*** 5.2.8 build 7 already implemented the fix to this issue.
---------------
There has been a known cPanel default cipher issue which may cause IE 11 and other browsers' SSL handshake failure.
The cPanel default cipher is
> SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
while the IE 11 requires "ECDHE-RSA-AES128-SHA".
Apache and older version of LSWS do not support "CHACHA20-POLY1305", so this configuration has no effect. The default Apache cipher suite is used and it includes "ECDHE-RSA-AES128-SHA". While the latest builds of LSWS support using the new BoringSSL package which supports "CHACHA20-POLY1305" and TLSv1.3, the configuration actually applied resulted in IE 11 and other older browsers not successfully negotiating a SSL cipher with the latest version of LSWS.
The fix is simple, just add "ECDHE-RSA-AES128-SHA" to the end of the cipher list and you shouldn't see the handshake failures anymore.
We have reported the issue to cPanel and, hopefully, a fix to the cPanel default cipher can be implemented. You can also consult cPanel support for more details and progress about a bug fix.
