Disabling weak protocols and hashes such as SSL and TLS on basis of security


Summary

This article provide a summary about disabling weak security protocols and hashes.

Applies To

This article applies to MachPanel Build v6.1.30 and later.

Disabling weak protocols and hashes such as SSL and TLS on basis of security

Requirements like disabling all weak protocols and hashes such as SSL2, SSL3 and TLS1.0 etc. is common these days for security administrators who want to keep their platforms away from security threats and risks. This locking down of insecure / less secure protocols mentioned above helps to prevent attacks such as POODLE, GOLDENDOODLE, Bleichenbacher etc.

A server administrator can use the best practices applied by the IISCrypto tool from Nartac to make the required registry changes on a Windows server. This tool helps block protocols like SSLv3 by disabling them on server host.

In doing this, previously MachPanel would stop you from gaining access via API (like clicking on link such as "Login to control panel" from WHMCS to login directly to MachPanel would throw the following error: “Operation failed.Error in fetching tenant details from office 365.

Details: Error processing command: System.Management.Automation.RemoteException: Authentication Error: Unable to complete authentication request (potentially a proxy issue)

If you turn SSL V3 back ON, that error would away.

MachPanel analysts and developers have made sure that the requirement to disable these protocols and hashes is fully supported. Hence, MachPanel Supports blocking of such protocols and hashes. A fix has already been made part of MachPanel latest builds (build 6.1.30 and above).

Just make sure you are running latest build 6.1.30 or above and disabling these weaker protocols wont make a difference and everything related to MachPanel and its APIs will keep working work as required.