Weak SSL/TLS ciphers are older encryption algorithms that have known vulnerabilities and can be exploited by attackers to intercept or manipulate data. Disabling weak ciphers on your Exim mail server ensures that only secure encryption methods are used for SMTP connections, protecting email communications between your server and others.

Step 1: Log in to WHM

Log in to your WHM interface at https://your-server-ip:2087 with your root credentials.

Step 2: Open Exim Configuration Manager

Navigate to Home » Service Configuration » Exim Configuration Manager.

Step 3: Switch to the Basic Editor

Click the Basic Editor tab at the top of the page.

Step 4: Locate the weak ciphers setting

Click the Security tab in the Basic Editor to filter the settings. Find the Allow weak SSL/TLS ciphers option.

Step 5: Disable weak ciphers

Toggle the Allow weak SSL/TLS ciphers setting to Off. This ensures that only strong, modern ciphers are used for Exim’s TLS connections.

Step 6: Save the configuration

Click Save at the bottom of the page. The system will rebuild the Exim configuration and restart the mail service automatically.

Important Notes

  • Disabling weak ciphers improves your server’s security posture and helps meet PCI-DSS compliance requirements.
  • Some very old mail servers that only support legacy encryption may fail to deliver mail to your server after this change. This is rare in modern email infrastructure.
  • Always use the Basic Editor or Advanced Editor in WHM to make Exim changes. Do not edit /etc/exim.conf manually, as your changes will be overwritten during updates.
  • This setting is part of WHM’s Exim Configuration Manager, valid for WHM version 108 and later.

Troubleshooting

  • Mail delivery failures after saving: If a remote mail server cannot connect due to cipher incompatibility, check your Exim mail log at /var/log/exim_mainlog for TLS-related errors. You may need to coordinate with the remote server’s administrator to upgrade their TLS configuration.
  • Setting not found: Use the Find search box at the top of the Basic Editor to search for “weak”. Some settings may not appear depending on your server’s profile configuration.
Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How to set Default maximum email quota for new packages via WHM?

The Default maximum email quota for new packages setting in WHM controls the maximum email...
How to set Default disk usage quota for new packages via WHM?

The Default disk usage quota for new packages setting in WHM lets you define a default disk space...
How to set Default bandwidth limit for new packages via WHM?

When you create a new hosting package in WHM, cPanel uses a default bandwidth limit if you don't...
How to change cPanel PHP max POST size via WHM?

The cPanel PHP max POST size setting controls the maximum size of HTTP POST requests that...
How to change cPanel PHP max upload size via WHM?

What is the cPanel PHP Max Upload Size? The cPanel PHP max upload size setting controls the...