Here is a quick script for you to check if your cPanel/WHM server is vulnerable. Execute the following as root. If you get ANY cipher output, your server can be considered vulnerable.
[box]
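# Try every SSLv3 cipher against each cPanel/WHM service port.
for port in 21 443 465 993 995 2083 2087 2078 2096; do
  echo "Scanning $port"
  for cipher in $(openssl ciphers -ssl3 'ALL:eNULL' | sed -e 's/:/ /g'); do
    # A failed handshake reports "Cipher is (NONE)", so filter that line out.
    echo -n | openssl s_client -ssl3 -cipher "$cipher" -connect xxx.xxx.xxx.xxx:$port 2>&1 | grep -i "Cipher is" | grep -v "(NONE)"
  done
done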
[/box]
Replace xxx.xxx.xxx.xxx with your server IP.

In cPanel/WHM, 7 services need to be secured: HTTP, POP3, IMAP, FTP, SMTP, Control Panel, and Web Disk. Here is how we disabled SSL 3.0 on our servers:

HTTP – Apache / Nginx

To fix Apache,

In WHM, go to Home >> Service Configuration >> Apache Configuration >> Global Configuration, and set the SSL Cipher Suite to the one below:

[box]

AES128+EECDH:AES128+EDH

[/box]

Then go to Home >> Service Configuration >> Apache Configuration >> Include Editor, and include the following in Pre Main Include:

[box]

SSLCipherSuite AES128+EECDH:AES128+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLSessionTickets Off
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"

[/box]

Restart Apache.

To fix Nginx,

Go to Nginx configuration, and change the line:

[box]

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

[/box]
to

[box]

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

[/box]

Restart Nginx.

SMTP – Exim

In WHM, go to Home >> Service Configuration >> Exim Configuration Manager >> Advanced Editor, and change tls_require_ciphers to:

[box]

-ALL:-SSLv2:!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5

[/box]

Restart Exim.

POP/IMAP – Courier-IMAP / Dovecot

In WHM, go to Home >> Service Configuration >> Mailserver Configuration, and change SSL Cipher List to:

[box]

-ALL:-SSLv2:!ADH:!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5

[/box]

FTP – Pure-FTP / Pro-FTP

In WHM, go to Home >> Service Configuration >> FTP Server Configuration, and change the TLS Cipher Suite to:

[box]

!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5

[/box]

cPanel Web Services

In WHM, go to Home >> Service Configuration >> cPanel Web Services Configuration, and change TLS/SSL Cipher List to:

[box]

!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5

[/box]

cPanel Web Disk

In WHM, go to Home >> Service Configuration >> cPanel Web Disk Configuration, and change TLS/SSL Cipher List to:

[box]

!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5

[/box]
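
To re-check the services after making the changes above, the following added example (not part of the original post) attempts one SSLv3-only handshake per port and classifies the result, counting the `Cipher is (NONE)` line that a refused handshake prints as a refusal. It assumes an `openssl` build that still supports `-ssl3` and that port 21 is explicit FTPS; the function names and sample outputs are constructed for illustration.

```shell
# Read `openssl s_client` output on stdin and print one verdict.
# A refused handshake still prints "Cipher is (NONE)", so that line
# must not be counted as a negotiated cipher.
classify_handshake() {
  awk '
    /Cipher is/ { seen = 1; cipher = $NF }
    END {
      if (!seen)                   print "no-tls-response"
      else if (cipher == "(NONE)") print "sslv3-refused"
      else                         print "sslv3-accepted " cipher
    }'
}

# One SSLv3-only handshake per port. Assumption: port 21 is explicit
# FTPS, so it needs -starttls ftp before any handshake is possible.
check_host() {
  host=$1
  for port in 21 443 465 993 995 2083 2087 2078 2096; do
    case $port in
      21) starttls="-starttls ftp" ;;
      *)  starttls="" ;;
    esac
    printf '%s: ' "$port"
    # $starttls is left unquoted on purpose so it splits into two words.
    echo | openssl s_client -ssl3 $starttls -connect "$host:$port" 2>&1 |
      classify_handshake
  done
}

# Constructed samples modelled on OpenSSL 1.0.x s_client output.
SAMPLE_ACCEPTED='CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES128-SHA'

SAMPLE_REFUSED='CONNECTED(00000003)
error: sslv3 alert handshake failure
---
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000'

# Live scan only when a host is given, e.g.: sh check_sslv3.sh 192.0.2.10
if [ -n "${1:-}" ]; then check_host "$1"; fi
```

A port reported as `no-tls-response` was not tested (closed port, or an `openssl` without SSLv3 support), so it should not be read as fixed.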