*** 5.2.8 build 7 already implemented the fix to it. will park it for a while and it can be finally removed soon.
There has been a known cpanel default cipher issue which may cause IE 11 and other browsers' SSL handshake failure.
cPanel default cipher is
> SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
while the IE 11 requires "ECDHE-RSA-AES128-SHA".
Apache and older version of LSWS does not support "CHACHA20-POLY1305", so this configuration has no effect, the default Apache cipher suite is used and it includes "ECDHE-RSA-AES128-SHA". While the latest builds of LSWS support using the new BoringSSL package which supports "CHACHA20-POLY1305" and TLSv1.3, so the configuration actually applied which resulted in IE 11 and other older browsers not successfully negotiating a SSL cipher with the latest version of LSWS.
The fix is simple, just add "ECDHE-RSA-AES128-SHA" to the end of the cipher list and shouldn't see the handshake failures anymore.
We do have reported the issue back to cpanel and hopefully, a fix to cpanel default cipher can be implemented. You can also consult cpanel support for more details and progress about bug fix.