Virtualmin SSL over port 10000 :: Your connection is encrypted using an obsolete cipher suite.

(1) Google says: “Your connection is encrypted using an obsolete cipher suite”

Recent Google shying messages on the SSL Certificates: “Your connection is encrypted using an obsolete cipher suite” are annoying to those who purchased a new SSL Certificate, and get scared about the encryption being obsolete.

(2) Google says: “Your connection is encrypted using a modern cipher suite”

(2.1) Enable headers mod for Apache2

a2enmod headers

service apache2 restart

(2.2) Edit default-ssl and/or other SSL enabled sites:

<VirtualHost *:443>

SSLEngine on

SSLCertificateFile /path/to/signed_certificate
SSLCertificateChainFile /path/to/intermediate_certificate
SSLCertificateKeyFile /path/to/private/key
SSLCACertificateFile /path/to/all_ca_certs

intermediate configuration, tweak to your needs

SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

SSLHonorCipherOrder on

HSTS (mod_headers is required) (15768000 seconds = 6 months)

Header always set Strict-Transport-Security “max-age=15768000”

(3) Virtualmin

Virtualmin over port 10000 or 20000 shows the SSL Certificate information, saying the encryption is obsolete, which obviously means it doesn’t use Apache2’s <VirtualHost *:443> SSL configuration.

(4) Question

Where and how can we edit the SSL options for Virtualmin over port 10000 or 20000 or any other ports, to use the above settings for port 443, since it doesn’t seem to be using Apache2 and its settings at all.