How to enable or disable TLS protocol versions in Plesk for Linux

Follow

Comments

6 comments

  • Avatar
    Dr. Koontz (Edited )

    It's worth mentioning that disabling TLSv1.0 also disables Plesk Premium Antivirus.

    According to that article:

    Cause

    TLSv1 disabled for sw-cp-server.
    As Plesk Premium Antivirus supports only TLSv1
    the service cannot communicate with Plesk.

    Since disabling TLSv1.0 also disables Plesk Premium Antivirus (a.k.a. Dr.Web), adding a note with a warning about the issue to this article, with a link to the other knowledge base article I linked above, is warranted so others can take it in to consideration before proceeding with disabling TLSv1.0.

  • Avatar
    Ivan Postnikov

    Hello @Dr. Koonz, thank you for the notice, the article will be reviewed and updated.

  • Avatar
    Aristeidis Vlachopanos

    Hello, I am using the above commands in my linux server running

    OS Debian 6.0.10
    Plesk version 12.5.30 Update #24

    and I am getting

    plesk bin server_pref -u -ssl-protocols "TLSv1.1 TLSv1.2"
    Warning: Current locale is unusable. Using 'C' instead.
    [2018-08-21 17:26:21] ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/sslmng' '--protocols' 'TLSv1.1 TLSv1.2'] with exit code [1]
    sslmng failed: WARNING:Ignoring unsuppored protocol TLSv1.1
    WARNING:Ignoring unsuppored protocol TLSv1.2
    ERROR:No supported protocols supplied
    exit status 1

    how do I resolve this?

  • Avatar
    Ivan Postnikov

    Hello @Aristeidis,

    Debian 6 has reached EOL and is not supported.

    The recommended approach is to install Plesk Onyx on one of the supported OS versions (https://docs.plesk.com/release-notes/onyx/software-requirements/) and migrate the domains to the new server.

     

     

  • Avatar
    Wolfgang Reidlinger (Edited )

    This is my system:

    Product version: Plesk Onyx 17.8.11 Update #35
    Update date: 2018/12/22 17:07
    Build date: 2018/12/12 07:22
    OS version: Ubuntu 18.04
    Revision: a3b2193c4694c7c9adea4d6bcd5882fff19ce9ef
    Architecture: 64-bit
    Wrapper version: 1.2

     

    To enable TLSv1.2 server-wide and activate strong ciphers, I did the following.
    I miss Strict Transport Security (HSTS) and OCSP Stapling, but the features are quite limited. (https://docs.plesk.com/en-US/onyx/cli-linux/using-command-line-utilities/server_pref-interface-and-system-preferences.37785/)

     

    /usr/local/psa/bin/server_pref -u -ssl-protocols 'TLSv1.2'

    /usr/local/psa/bin/server_pref -u -ssl-ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384'

     

    root@admin:~# /usr/local/psa/bin/server_pref -s | grep ssl-*

    ssl-protocols: TLSv1.2
    ssl-ciphers: ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384

  • Avatar
    Ivan Postnikov

    Hello @Wolfgang,

    Thank you for sharing your user experience.

    It may be helpful to other Pleskians.

Please sign in to leave a comment.

Have more questions? Submit a request