Articles & Code Snippets


WHM/cPanel AutoSSL issue with Google Chrome (ERR_EMPTY_RESPONSE)

Today few clients complained about their websites not working in Google Chrome. It seems to be an issue caused by a recent EasyApache 4 update where cPanel included a newer version of OpenSSL to be used with EasyApache, and this version of OpenSSL included some code that uses SSE4.1 or SSE4.2 CPU features. The reason that this problem affects Chrome browsers is because it uses the POLY1305 cryptographic algorithm and this triggers the problem in OpenSSL on the server.

Until EA-6544 is resolved, this issue can be prevented by removing CHACHA20-POLY1305 ciphers from the Apache cipher list, following the next steps:

  • Go to WHM >> Home >> Service Configuration >> Apache Configuration >> Gobal Configuration > SSL Cipher Suite and set:

  • Click Save at the bottom of the options screen
  • Rebuild & Restart Apache

The above is the default cipher list without "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305", which are the two ciphers which will trigger the problem at this time. If you are using a custom cipher list, you can remove those two ciphers. After EA-6544 is resolved it should be safe to set the cipher list to the default setting again.

Once this change is made the sites should function normally for all browsers.

Thank you cPanel Support! web