Add to Favourites Add to Favourites    Print this Article Print this Article

I want to use different ciphers with Apache, using CustomBuild 2.0

With the ever evolving needs for security, good encryption cipher lists can change regularly.   Also, the needs of those connecting to a given server may be different from box to box, eg:etc.. so each case might be different.

To use different ciphers with Apache 2.x and CustomBuild 2.0, you can use the "custom" folder method to manage your own cipher lists and ssl rules.

Run the following:

cd /usr/local/directadmin/custombuild
mkdir -p custom/ap2/conf/extra
cp configure/ap2/conf/extra/httpd-ssl.conf custom/ap2/conf/extra/httpd-ssl.conf

which then lets you edit:


for changes such as:

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1


SSLHonorCipherOrder On

SSLCompression off

for example, if you wanted a more secure list of ciphers.
Note: the SSLCipherSuite list is all one long line.

This tool is very useful to get a good list for your scenario:

Once you've created the custom httpd-ssl.conf as desired, you can then install it with:

cd /usr/local/directadmin/custombuild
./build rewrite_confs

To disable TLSv1.1 and only allow TLSv1.2 and TLSv1.3 on OpenLiteSpeed:

echo '|?SSLPROTOCOL=24|' >> /usr/local/directadmin/data/templates/custom/openlitespeed_vhost.conf.CUSTOM.pre
/usr/local/directadmin/custombuild/build rewrite_confs

Was this answer helpful?

Also Read