pci_compliance_resolver utility enables TLSv1.0 on Plesk 12.5 servers

Created:

2017-06-14 09:45:23 UTC

Modified:

2017-08-16 16:53:56 UTC

0

Was this article helpful?


Have more questions?

Submit a request

pci_compliance_resolver utility enables TLSv1.0 on Plesk 12.5 servers

Applicable to:

  • Plesk 12.5 for Linux

Symptoms

On Plesk 12.5, TLSv1.0 gets enabled:

# cat /etc/postfix/main.cf | grep -i smtpd_tls_protocols
smtpd_tls_protocols = TLSv1 TLSv1.1 TLSv1.2

after executing the following command:

# plesk sbin pci_compliance_resolver --enable

Cause

This issue has been considered as Plesk bug #PPPM-6476 and will be fixed in future product updates.

Resolution

Update /usr/local/psa/admin/bin/pci_compliance_resolver script in the following way:

@@ -302,7 +302,7 @@
    local action="$1"

        if [ "$action" = "enable" ]; then
-              local use_protocols="TLSv1 TLSv1.1 TLSv1.2"
+              local use_protocols="TLSv1.1 TLSv1.2"

Additional Information

How to pass PCI compliance scan?

Tune Plesk to Meet PCI DSS on Linux

Have more questions? Submit a request
Please sign in to leave a comment.