There was a problem loading the comments.

SSL Cipher Suite Security A or better at

Support Portal  »  Knowledgebase  »  Viewing Article


A to A+ grade SSL Security

To obtain an A or better grade from with your site (Interworx, CPanel) is fairly simple.

  1. First, SSH into your Server or VM.

  2. Next use vi(m) or nano to edit /etc/httpd/conf.d/vhost_domain-name.conf (where the domain-name is your domain, such as

  3. Scroll down to:

  4. Add the following under that tag: Header add Strict-Transport-Security "max-age=63072000;"
    Or if you have a wildcard SSL: Header add Strict-Transport-Security "max-age=63072000; includeSubDomains"
    To Better understand HSTS (HTTP Strict Transport-Security) read:

  5. Now go to the bottom of the file you should see: SSLEngine on

    Under that add the following:
    SSLProtocol All -SSLv2 -SSLv3
    SSLHonorCipherOrder On

  6. Comment out the Existing SSLCipherSuite Line by adding # before that line. You may also remove it.

  7. Insert a new SSLCiphersuite Line (Choose the one labeled Modern Browsers for most applications) You can simply copy both sets below and uncomment the one that meets your site requirements:
     #Very Strict

     #Modern Browsers

  8. Save that file and restart Apache: service httpd restart

 Optional: Redirect non-https to https via .htaccess (located at the root of your website)

Edit or create the .htaccess file in /home/username/

Add the following near the top of the file (if you have an existing file, insert above other directives)

  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Save and then test at:    (Replace with your actual domain/site URL)

Share via

Related Articles

© 8Dweb LLC