Plesk for Windows
Plesk for Linux
kb: how-to
ABT: Group A
Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to check what SSL/TLS versions are available for a website on a Plesk server?
Answer
- Open the https://www.cdn77.com/tls-test link.
- Enter the domain name, into the search bar and press the Test now button:
- In the next page see the Enabled SSL/TLS protocol versions section:
Note: the more online services with SSL/TLS or vulnerability checkers can be found here.
Manually from the side of Linux server
- Log into the server via SSH.
- Execute the command:
# for proto in 1 1_1 1_2 1_3; do openssl s_client -connect example.com:443 "-tls${proto}" 2>/dev/null < <(sleep 1; echo q) | grep Protocol | uniq; done
Note: replace the
example.comwith the name of the required domain.The output will be as shown below:
# Protocol : TLSv1
Protocol : TLSv1.1
Protocol : TLSv1.2
Protocol : TLSv1.3
Comments
2 comments
Hi,
I disabled TLS versions 1.0 and 1.1 and put the SSL settings to modern on my plesk server but cdn77.com tls test shows them still enabled. Also the nmap test shows them.
I run Plesk Obsidian 18.0.27 Update #1 on Centos 7.
Output of
]# cat /etc/sw-cp-server/conf.d/ssl.conf
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH;
ssl_prefer_server_ciphers on;
What do I miss?
Hello Jack Leonard
The displayed configuration is for Plesk Panel itself.
Use this instruction: https://support.plesk.com/hc/en-us/articles/115000422229
Please sign in to leave a comment.