How to secure a cPanel server against BEAST attacks

Last year a previously theoretical attack¬†surfaced¬†which can allow TLS security to be manipulated and weakened, it’s a simple attack and one which a simple configuration change can patch. Learn more about the BEAST attack on TLS here.

To patch Apache in cPanel is a simple 2 step process.

Step 1:

Login to WHM and navigate to: Service Configuration -> Apache Configuration -> Global Configuration

Here select the custom option for “SSL Cipher Suite” and enter the following:

ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

Click Save, then click, Rebuild Configuration and Restart Apache to compile the config change.

Step 2:

In WHM navigate to: Service Configuration -> Apache Configuration -> Include Editor

Select “All Versions” under the “Pre VirtualHost Include” section.

In the text box enter the following:

SSLHonorCipherOrder On

Click Update, then Restart Apache.

Your cPanel server should now be patched against the BEAST TLS attack, you can verify this using a security checking tool such as SSLLabs.