HowTo Enable Perfect Forward Secrecy (PFS) in cPanel

Update SSLCipherSuite as below:

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK

Edit Apache Configuration > Include Editor > Pre Main Include > All Versions

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

Verify at

3 thoughts on “HowTo Enable Perfect Forward Secrecy (PFS) in cPanel”

  1. Pingback: cPanel SSL 安全性調整 - 路老闆的部落格
  2. Pingback: cPanel SSL 安全性調整 – 路老闆的部落格
  3. Pingback: cPanel SSL 安全性調整 – 路破皮的部落格

Leave a Reply

Your email address will not be published. Required fields are marked *