At this stage, all of our public/webside and the admin/pleskpanel side of our server run TLSv1.2 only, as this specific OS and Plesk Onyx 17.8.11 Update 40 do not provide or support OpenSSL 1.1. Sets up SSL/TLS protocols to all services.

    Distributor ID: Ubuntu
    Description: Ubuntu 18.04.2 LTS
    Release: 18.04
    Codename: bionic
    openssl version
    OpenSSL 1.1.0g.

Then check to see if the change has taken effect:

    # /usr/local/psa/bin/server_pref -s | grep ssl-protocols

In the recent versions of DirectAdmin panel the Private key is usually saved in.

Next, disable all protocols except those required:

    # /usr/local/psa/bin/server_pref -u -ssl-protocols "TLSv1.1 TLSv1.2"

Plesk After navigating to Domains > SSL/TLS certificates.

    # /usr/local/psa/bin/server_pref -s | grep ssl-protocols

There is a new tool included to simplify part of this task. To disable SSLv3 for other services managed by Plesk, please follow the instructions provided in the article #123160 "CVE-2014-3566: POODLE attack exploiting SSL 3.0 fallback".

Plesk 17.0 and 17.5 (Onyx)

Reconfigure the web service:

    /usr/local/psa/admin/bin/httpdmng --reconfigure-all

    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

After researching for days and reading lots of threads, here are the things that worked for me. Enabling older TLS version is not a straightforward path. Locate the lines with 'ssl_protocols' and 'ssl_ciphers' directives and replace these lines with the following:

    ssl_protocols TLSv1.1 TLSv1.2;

It seems like Windows 7 can work only using TLS 1.1 or TLS 1.0; the application stopped connecting to the Website.
'/usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php',

    /usr/local/psa/admin/bin/nginxmng --enable

Create a custom domain template for 'nginx':

    mkdir -p /usr/local/psa/admin/conf/templates/custom/domain/
    cp /usr/local/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php /usr/local/psa/admin/conf/templates/custom/domain

Upgrade the 'openssl' package to version 1.0 and higher.

Enable 'nginx' web server support.

This particular version of Apache is not included in the default base Linux distributions. PCI compliance requires that you enable the 'TLS v1.1' and 'TLS v1.2' protocols, but they are supported by 'Apache' webserver starting from version '2.2.23'.

Enter the domain name into the search bar and press the Test now button: In the next page see the Enabled SSL/TLS protocol versions section: Note: more online SSL/TLS or vulnerability checkers can be found here.

However, these protocols are not supported by Parallels Plesk by default. The server should meet the following PCI compliance requirements:

Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported.

Configure SSL/TLS servers to only support cipher suites that do not use block ciphers.

To purchase a certificate via Plesk, go to Websites & Domains and click SSL/TLS Certificates > Add SSL/TLS Certificate.

Disable weak SSL ciphers for PCI Compliance.