cPanel Default Cipher Issue Impacting IE 11 SSL Handshake

*** 5.2.8 build 7 already implements the fix for this issue. This article will be parked for a while and can finally be removed soon.

---------------

There is a known issue with the cPanel default cipher list that can cause SSL handshake failures in IE 11 and other browsers.

The cPanel default cipher list is:
> SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

while IE 11 requires "ECDHE-RSA-AES128-SHA".

Apache and older versions of LSWS do not support "CHACHA20-POLY1305", so this configuration has no effect: the default Apache cipher suite is used, and it includes "ECDHE-RSA-AES128-SHA". The latest builds of LSWS, however, support using the new BoringSSL package, which supports "CHACHA20-POLY1305" and TLSv1.3, so the configuration is actually applied. As a result, IE 11 and other older browsers cannot negotiate an SSL cipher with the latest version of LSWS.

The fix is simple: add "ECDHE-RSA-AES128-SHA" to the end of the cipher list, and you should no longer see the handshake failures.
We have reported the issue to cPanel, and hopefully a fix to the cPanel default cipher list will be implemented. You can also consult cPanel support for more details and progress on the bug fix.

Best Regards
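
The fix described above, as an added shell example that is not part of the original article or of cPanel/LSWS tooling: it checks a cipher list for "ECDHE-RSA-AES128-SHA" as a whole entry and appends it if missing. The function names are hypothetical, and `check_server` assumes a local `openssl` CLI that still offers this cipher.

```shell
#!/bin/sh
# Added example: token-exact check and fix for an SSLCipherSuite value.
REQUIRED="ECDHE-RSA-AES128-SHA"

# cPanel default cipher list, as quoted in the article.
CPANEL_DEFAULT="ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"

# has_cipher LIST NAME: exit 0 only if NAME is a whole colon-separated entry.
# A substring grep is wrong here: ECDHE-RSA-AES128-SHA256 contains
# ECDHE-RSA-AES128-SHA, so the unfixed default list would look already fixed.
has_cipher() {
    case ":$1:" in
        *":$2:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# ensure_cipher LIST: print LIST, with $REQUIRED appended at the end if missing.
ensure_cipher() {
    if has_cipher "$1" "$REQUIRED"; then
        printf '%s\n' "$1"
    else
        printf '%s:%s\n' "$1" "$REQUIRED"
    fi
}

# fix_directive LINE: rewrite one "SSLCipherSuite <list>" line; other lines
# are passed through unchanged.
fix_directive() {
    case "$1" in
        "SSLCipherSuite "*)
            printf 'SSLCipherSuite %s\n' "$(ensure_cipher "${1#SSLCipherSuite }")" ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# check_server HOST:PORT: offer only $REQUIRED over TLS 1.2 and report whether
# the server negotiated it. Needs network access; not called by default.
check_server() {
    openssl s_client -connect "$1" -tls1_2 -cipher "$REQUIRED" </dev/null 2>/dev/null |
        grep -q "Cipher is $REQUIRED"
}

# Print the corrected directive for the default list.
fix_directive "SSLCipherSuite $CPANEL_DEFAULT"
```

After applying the change and restarting the web server, `check_server your.host:443` returning success confirms the server now accepts the cipher IE 11 needs.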
