[How to] Disable TLSv1.1?

Created:

2016-11-16 13:00:12 UTC

Modified:

2017-04-24 12:00:43 UTC

0

Was this article helpful?


Have more questions?

Submit a request

[How to] Disable TLSv1.1?

Applicable to:

  • Plesk 12.5 for Linux

Question

How to disable TLSv1.1?

Answer

Remove TLSv1.1 from SSL directives in NGINX configuration file /etc/nginx/nginx.conf :

    ssl_protocols TLSv1.2;

Additionally, for all sites in Plesk 11.0 for Linux it should be customized using configuration templates:

    # mkdir -p /usr/local/psa/admin/conf/templates/custom/
# mkdir -p /usr/local/psa/admin/conf/templates/custom/domain/
# cp /usr/local/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php /usr/local/psa/admin/conf/templates/custom/domain/
# sed -i 's/ssl_protocols SSLv2 SSLv3 TLSv1;/ssl_protocols TLSv1.2;/g' /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php

For all sites in Plesk 11.5 for Linux:

    # mkdir -p /usr/local/psa/admin/conf/templates/custom/
# mkdir -p /usr/local/psa/admin/conf/templates/custom/domain/
# cp /usr/local/psa/admin/conf/templates/default/nginxWebmailPartial.php /usr/local/psa/admin/conf/templates/custom/
# cp /usr/local/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php /usr/local/psa/admin/conf/templates/custom/domain/

# sed -i 's/ssl_protocols SSLv2 SSLv3 TLSv1;/ssl_protocols TLSv1.2;/g' /usr/local/psa/admin/conf/templates/custom/nginxWebmailPartial.php
# sed -i 's/ssl_protocols SSLv2 SSLv3 TLSv1;/ssl_protocols TLSv1.2;/g' /usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php

Then, reconfigure all web server configuration files:

    # /usr/local/psa/admin/bin/httpdmng --reconfigure-all

WARNING Execution of httpdmng utility with --reconfigure-all option can cause significant downtime in case of big number of hosted websites. To avoid such situation rebuild configuration files by bunches using --reconfigure-domains option:

    /usr/local/psa/admin/bin/httpdmng  --reconfigure-domains <domain_name>[,<domain_name>[,<domain_name>[,...]]]
Have more questions? Submit a request
Please sign in to leave a comment.