Disable weak SSL/TLS ciphers for PCI Compliance

Created: 2016-11-16 13:23:14 UTC

Modified: 2017-08-17 18:38:06 UTC

Applicable to:

  • Plesk for Linux
  • Plesk 11.x for Linux
  • Plesk 12.0 for Windows
  • Plesk 12.0 for Linux

Symptoms

The server should meet the following PCI compliance requirements:

  • Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported.
  • Configure SSL/TLS servers to only support cipher suites that do not use block ciphers.

However, these protocols are not supported in Plesk by default.

Cause

PCI compliance requires that you enable the TLS 1.1 and TLS 1.2 protocols, but the Apache web server supports them starting from version 2.2.23.

Resolution

  1. Make sure that all system packages are up to date and the latest Plesk microupdate has been installed.

  2. Follow the instructions provided in article #213933745 - CVE-2015-4000 LOGJAM TLS DH vulnerability
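
A configuration audit for the two conditions described above (Apache 2.2.23 or later, and only TLS 1.1/1.2 enabled), as an added example that is not part of the original article or Plesk's own tooling. It assumes protocol selection is done with mod_ssl's `SSLProtocol` directive, which the article does not name, and that `all` expands as it does on Apache 2.2 built against OpenSSL 1.0.1 or later; the banner and directive strings are constructed samples.

```python
import re

REQUIRED_APACHE = (2, 2, 23)      # minimum version stated in the article
ALLOWED = {"TLSv1.1", "TLSv1.2"}  # protocols the PCI requirement permits
# Assumption: what "all" expands to on Apache 2.2 built with OpenSSL 1.0.1+.
ALL = {"SSLv2", "SSLv3", "TLSv1"} | ALLOWED


def apache_is_recent(banner):
    """True if an `httpd -v` style banner reports Apache >= 2.2.23."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Apache version found in banner")
    return tuple(int(p) for p in m.groups()) >= REQUIRED_APACHE


def enabled_protocols(directive, recent=True):
    """Evaluate an SSLProtocol line left to right; return the enabled set."""
    tokens = directive.split()
    if len(tokens) < 2 or tokens[0].lower() != "sslprotocol":
        raise ValueError("not an SSLProtocol directive")
    names = {p.lower(): {p} for p in ALL}
    names["all"] = ALL if recent else ALL - ALLOWED
    enabled = set()
    for i, tok in enumerate(tokens[1:]):
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        # Simplification: a bare token is accepted only as a leading "all".
        if not sign and not (i == 0 and name.lower() == "all"):
            raise ValueError("use an explicit +/- prefix: " + tok)
        if name.lower() not in names:
            raise ValueError("unknown protocol: " + tok)
        group = names[name.lower()]
        enabled = enabled - group if sign == "-" else enabled | group
    return enabled


def audit(banner, directive):
    """Return a list of findings; an empty list means both checks pass."""
    recent = apache_is_recent(banner)
    findings = [] if recent else ["Apache older than 2.2.23"]
    enabled = enabled_protocols(directive, recent)
    findings += ["disable " + p for p in sorted(enabled - ALLOWED)]
    if not enabled & ALLOWED:
        findings.append("neither TLSv1.1 nor TLSv1.2 is enabled")
    return findings

# Constructed sample inputs, not taken from a real server.
WEAK = ("Server version: Apache/2.2.15 (Unix)", "SSLProtocol all -SSLv2")
GOOD = ("Server version: Apache/2.2.23 (Unix)", "SSLProtocol all -SSLv2 -SSLv3 -TLSv1")
```

Calling `audit(*WEAK)` lists what still has to change on the constructed old server, while `audit(*GOOD)` returns an empty list.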
