So I have a website and I generated the SSL certs for it using letsencrypt-auto. I’ve installed them and have been using them and it’s great. I noticed someone was trying to get into my server, a lot, using brute-force type attacks. So I installed this add-on software for cPanel / WHM called ConfigServer Firewall. It’s great. There’s a section where I can have it scan my whole server for vulnerabilities and I did that. I’ve been slowly fixing them. But I ran into one and I’m not sure what to do. It says:
Cipher list []. Due to weaknesses in the SSLv2 cipher you should disable SSLv2 in WHM > Apache Configuration > Global Configuration > SSLCipherSuite > Add -SSLv2 to SSLCipherSuite and/or remove +SSLv2. Do not forget to Save AND then Rebuild Configuration and Restart Apache, otherwise the changes will not take effect in httpd.conf
I understand the directions on how to disable the SSLv2 cipher. I don’t really know much about SSL certificates and DNS servers and stuff but I’m learning. I’m pretty sure the certs I generated are using TLS 1.2. I’m sorry if this is a dumb question, but am I right on that? These aren’t using the SSLv2 and SSLv3 cipher, right? I can safely disable those? Thanks!
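The scanner advice quoted above comes down to a check on the SSLCipherSuite directive: -SSLv2 should be present and +SSLv2 absent. As an added example (not part of the original post and not ConfigServer Firewall's code), this Python script applies that rule to every active SSLCipherSuite line in a config. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample config for illustration; not taken from the post.
SAMPLE_CONF = """\
# SSLCipherSuite ALL:+SSLv2
SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:+SSLv2
<VirtualHost *:443>
    SSLCipherSuite "HIGH:!aNULL:!MD5:-SSLv2"
</VirtualHost>
<VirtualHost *:8443>
    SSLCipherSuite HIGH:!aNULL
</VirtualHost>
"""

DIRECTIVE = re.compile(r"^\s*SSLCipherSuite\s+(.+?)\s*$", re.IGNORECASE)


def sslv2_status(cipher_value):
    """Classify a cipher string as 'flagged', 'excluded' or 'unmentioned'.

    Mirrors the scanner's advice text (-SSLv2 present, +SSLv2 absent); it is
    not a full evaluation of OpenSSL cipher-string semantics.
    """
    status = "unmentioned"
    for token in re.split(r"[:,\s]+", cipher_value.strip('"')):
        name = token.upper()
        if name == "!SSLV2":   # '!' removes permanently; later tokens cannot re-add
            return "excluded"
        if name == "-SSLV2":   # '-' removes, but a later token may re-add
            status = "excluded"
        elif name in ("SSLV2", "+SSLV2"):
            status = "flagged"
    return status


def audit(conf_text):
    """Return [(line_no, value, status)] for every active SSLCipherSuite line."""
    results = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):   # skip commented-out directives
            continue
        match = DIRECTIVE.match(line)
        if match:
            value = match.group(1).strip('"')
            results.append((line_no, value, sslv2_status(value)))
    return results


if __name__ == "__main__":
    for line_no, value, status in audit(SAMPLE_CONF):
        print(f"line {line_no}: {status:11} {value}")
```

An empty result from `audit` means the config text contains no active SSLCipherSuite directive at all.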