How to enable or disable TLS protocol versions in Plesk for Linux?

Follow

Comments

8 comments

  • Avatar
    Dr. Koontz (Edited )

    It's worth mentioning that disabling TLSv1.0 also disables Plesk Premium Antivirus.

    According to that article:

    Cause

    TLSv1 disabled for sw-cp-server.
    As Plesk Premium Antivirus supports only TLSv1
    the service cannot communicate with Plesk.

    Since disabling TLSv1.0 also disables Plesk Premium Antivirus (a.k.a. Dr.Web), adding a note with a warning about the issue to this article, with a link to the other knowledge base article I linked above, is warranted so others can take it in to consideration before proceeding with disabling TLSv1.0.

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Dr. Koonz, thank you for the notice, the article will be reviewed and updated.

    0
    Comment actions Permalink
  • Avatar
    Aristeidis Vlachopanos

    Hello, I am using the above commands in my linux server running

    OS Debian 6.0.10
    Plesk version 12.5.30 Update #24

    and I am getting

    plesk bin server_pref -u -ssl-protocols "TLSv1.1 TLSv1.2"
    Warning: Current locale is unusable. Using 'C' instead.
    [2018-08-21 17:26:21] ERR [util_exec] proc_close() failed ['/opt/psa/admin/bin/sslmng' '--protocols' 'TLSv1.1 TLSv1.2'] with exit code [1]
    sslmng failed: WARNING:Ignoring unsuppored protocol TLSv1.1
    WARNING:Ignoring unsuppored protocol TLSv1.2
    ERROR:No supported protocols supplied
    exit status 1

    how do I resolve this?

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Aristeidis,

    Debian 6 has reached EOL and is not supported.

    The recommended approach is to install Plesk Onyx on one of the supported OS versions (https://docs.plesk.com/release-notes/onyx/software-requirements/) and migrate the domains to the new server.

     

     

    0
    Comment actions Permalink
  • Avatar
    Wolfgang Reidlinger (Edited )

    This is my system:

    Product version: Plesk Onyx 17.8.11 Update #35
    Update date: 2018/12/22 17:07
    Build date: 2018/12/12 07:22
    OS version: Ubuntu 18.04
    Revision: a3b2193c4694c7c9adea4d6bcd5882fff19ce9ef
    Architecture: 64-bit
    Wrapper version: 1.2

     

    To enable TLSv1.2 server-wide and activate strong ciphers, I did the following.
    I miss Strict Transport Security (HSTS) and OCSP Stapling, but the features are quite limited. (https://docs.plesk.com/en-US/onyx/cli-linux/using-command-line-utilities/server_pref-interface-and-system-preferences.37785/)

     

    /usr/local/psa/bin/server_pref -u -ssl-protocols 'TLSv1.2'

    /usr/local/psa/bin/server_pref -u -ssl-ciphers 'ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384'

     

    root@admin:~# /usr/local/psa/bin/server_pref -s | grep ssl-*

    ssl-protocols: TLSv1.2
    ssl-ciphers: ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @Wolfgang,

    Thank you for sharing your user experience.

    It may be helpful to other Pleskians.

    0
    Comment actions Permalink
  • Avatar
    Bruno SCHOULER

    Hello all

    My server is

    Version Plesk Onyx v17.5.3_build1705170317.16 os_CentOS 6
    OS

    CentOS 6.10 (Final)

    php 5.4.45

     

    I have problems with paypal module on prestashop. It is specified that now paypal needs TLS 1.2

    actually, TLS version is not compatible tell paypal !

    I'm not sure I can do this command in this post

     

    If I refer to this post, the command:  /usr/local/psa/bin/server_pref -u -ssl-protocols 'TLSv1.1 TLSv1.2'

    is supposed to add  TLS 1.1 and TLS1.2 ??? Is that Right ?

    In this post; comments says gettin,g problems : It's worth mentioning that disabling TLSv1.0 also disables Plesk Premium Antivirus.

    So my question :

    if i launch taht command, do I active both TLS1 and TLS1.2 or do I add TLS b1 and TLS 1.2 ?

    thanks for help

    0
    Comment actions Permalink
  • Avatar
    Julian Bonpland Mignaquy (Edited )

    @Bruno

    The command you specified enables both TLSv1.1 and TLSv1.2 and the second one enabled only TLSv1.2:

    plesk bin server_pref -u -ssl-protocols 'TLSv1.1 TLSv1.2'.

    plesk bin server_pref -u -ssl-protocols 'TLSv1.2'

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request