Applicable to:
- Plesk for Windows
Question
How to manage SSL/TLS ciphers and protocols in Plesk for Windows?
For example, disable insecure ciphers and enable more recent ones.
Answer
Note: Plesk doesn not provide build-in functionality to manage SSL/TLS ciphers on Windows server. Use Windows utilities or 3rd-party applications instead.
-
Connect to the server via RDP.
-
Go to Start > Edit group policy.
-
Go to Local Computer Policy > Computer Configuration > Administrative Template > Network > SSL Configuration Settings > SSL Cipher Suite Order.
-
Set option Enabled.
-
Edit SSL Cipher Suites in the line.
-
Press OK to apply changes.
-
Connect to the server via RDP
-
Download free utility IIS Crypto and launch it
-
Open tab Schannel
-
Select the version of the protocol to enable/disable
-
Click Apply:
Additional Information
How to enable/disable particular TLS version in Plesk on Linux?
Comments
4 comments
Hi,
We are using windows server 2012 and plesk web pro edition, I am trying to enable weak chiper suites using IISCrypto tool, but after disable when i check in sslabs or nmap tool, its says that weak chiper are still available. Can help please?
thanks,
Vetrichelvan
Hello @Vetri Chelvan,
Please try using Windows Group Policy Editor utility.
The article has been updated and the information can be found in section "Using Windows utilities" above.
Hello Maxim,
Thanks for your prompt response, I tried both the ways and restarted our server already, but still I do see weak cipher suites are available when i test by ssllabs.
Thanks,
Vetrichelvan
Hi @Vetri, I recommend double checking if the weak ciphers are still showing when testing the manual way in https://support.plesk.com/hc/en-us/articles/115004991834-How-to-check-what-SSL-TLS-versions-are-available-for-a-website-
If they are still shown please open a support ticket with us as follows https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-
Please sign in to leave a comment.