cPanel Default Cipher Issue Impacting IE 11 SSL Handshake

*** 5.2.8 build 7 already implemented the fix to this issue.  

---------------

There has been a known cPanel default cipher issue which may cause IE 11 and other browsers' SSL handshake failure.

The cPanel default cipher is
> SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

while the IE 11 requires "ECDHE-RSA-AES128-SHA".

Apache and older version of LSWS do not support "CHACHA20-POLY1305", so this configuration has no effect. The default Apache cipher suite is used and it includes "ECDHE-RSA-AES128-SHA". While the latest builds of LSWS support using the new BoringSSL package which supports "CHACHA20-POLY1305" and TLSv1.3, the configuration actually applied resulted in IE 11 and other older browsers not successfully negotiating a SSL cipher with the latest version of LSWS.

The fix is simple, just add "ECDHE-RSA-AES128-SHA" to the end of the cipher list and you shouldn't see the handshake failures anymore.
We have reported the issue to cPanel and, hopefully, a fix to the cPanel default cipher can be implemented.  You can also consult cPanel support for more details and progress about a bug fix.


  • cPanel, cipher, ssl, handshake
  • 2 Users Found This Useful
Was this answer helpful?

Related Articles

500 errors

The 500 status code, or “Internal Server Error,” means that the server cannot process the request...

Add support key

To add the LiteSpeed support team's key to your server, run the following command from the SSH...

Compression isn't working

Please make sure the .CSS MIME-type has been added to "Compressible Types" in the web admin...

Database connection issue caused by CL Imunify360

In this situation, LSWS may not be the cause of your MySQL database connection issue.Do you use...

Fatal error when enabling LSCWP in WHM cache manager

While using the Web Cache Management feature of our WHM plugin, you might occasionally see an...