Plesk for Windows
Plesk for Linux
kb: how-to
ABT: Group A
Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to check what SSL/TLS versions are available for a website on a Plesk server?
Answer
- Open the https://www.cdn77.com/tls-test link.
- Enter the domain name, into the search bar and press the Test now button:
- In the next page see the Enabled SSL/TLS protocol versions section:
Note: the more online services with SSL/TLS or vulnerability checkers can be found here.
Manually from the side of Linux server
- Log into the server via SSH.
- Execute the command:
# nmap --script ssl-enum-ciphers -p 443 example.com | grep -E "TLSv|SSLv"
Note: replace the
example.comwith the name of the required domain.The output will be as shown below:
# | SSLv3: No supported ciphers found
| TLSv1.0:
| TLSv1.1:
| TLSv1.2:
Note: in case the nmap utility is not installed on the sever, install it with the command:
-
For RHEL based systems (CentOS/CloudLinux):
# yum install nmap -y
-
For Debian based systems (Ubuntu/Debian):
# apt-get install nmap -y
Comments
2 comments
Hi,
I disabled TLS versions 1.0 and 1.1 and put the SSL settings to modern on my plesk server but cdn77.com tls test shows them still enabled. Also the nmap test shows them.
I run Plesk Obsidian 18.0.27 Update #1 on Centos 7.
Output of
]# cat /etc/sw-cp-server/conf.d/ssl.conf
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH;
ssl_prefer_server_ciphers on;
What do I miss?
Hello Jack Leonard
The displayed configuration is for Plesk Panel itself.
Use this instruction: https://support.plesk.com/hc/en-us/articles/115000422229
Please sign in to leave a comment.