Perfect Forward Secrecy (ECDHE_RSA) in WHM cPanel login
In cryptography, forward secrecy is a property of key-agreement protocols ensuring that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future. Sites that use perfect forward secrecy give users better protection when encrypted traffic is being monitored and recorded by a third party, that is, your spy next door. Turning on perfect forward secrecy is an important improvement that protects cPanel users.

However, this feature is still not available in the WHM cPanel login. The reason is that the WHM web service (the WHM/cPanel/webmail login page) does not use Apache but software developed in-house by cPanel. Unfortunately, cPanel services do not natively support any cipher suites with ephemeral Diffie-Hellman key exchange, either the traditional algorithm or the elliptic-curve variant, even if you try to enable them from cPanel Web Services Configuration. The setting works for Apache, but it does not work for the WHM web service (WHM/cPanel/webmail logins): the service simply ignores ECDHE_RSA and reverts to RSA.

Implementing ECDHE_RSA (perfect forward secrecy) needs some coding, but it can be done quickly and will improve overall security for cPanel clients.
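One way to confirm the fallback described above on a given service, as an added example that is not part of the original post or cPanel's own code: it handshakes with a TLS service and reports whether the suite the server selected uses an ephemeral key exchange. The function names, the command-line host and port, and the constructed sample results are assumptions.

```python
import socket
import ssl
import sys

# OpenSSL and IANA name prefixes for suites whose key exchange is ephemeral (EC)DH.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "TLS_ECDHE_", "TLS_DHE_")


def has_forward_secrecy(cipher_name, protocol):
    """True if the negotiated suite uses an ephemeral key exchange."""
    # TLS 1.3 dropped static RSA key exchange, so every TLS 1.3 suite qualifies.
    if protocol == "TLSv1.3":
        return True
    # Anything else (e.g. AES256-SHA, TLS_RSA_WITH_...) is static RSA or static (EC)DH.
    return cipher_name.startswith(EPHEMERAL_PREFIXES)


def probe(host, port, timeout=5.0):
    """Handshake with host:port and return (protocol, cipher_name)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic only: the certificate is not validated, because just the
    # negotiated suite is inspected and panel ports often use self-signed certs.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # Offer static-RSA suites too, so an RSA-only service answers instead of failing.
    ctx.set_ciphers("DEFAULT")
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


def lacking_forward_secrecy(results):
    """Given (service, protocol, cipher) tuples, list services without forward secrecy."""
    return [svc for svc, proto, name in results if not has_forward_secrecy(name, proto)]


# Constructed sample results (not captured from a real server).
SAMPLE = [
    ("apache-https", "TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"),
    ("whm-login", "TLSv1.2", "AES256-SHA"),
]

if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])  # supplied by the operator
    proto, name = probe(host, port)
    verdict = "forward secrecy" if has_forward_secrecy(name, proto) else "NO forward secrecy"
    print(f"{host}:{port} {proto} {name}: {verdict}")
```

Run it once against the Apache HTTPS port and once against the login service port of the same host; a service that ignores ECDHE_RSA reports a suite name without the `ECDHE-` or `DHE-` prefix.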