Plesk for Linux kb: how-to ABT: Group A
- Plesk for Linux
Does Plesk service (sw-cp-server) support the version 1.3 of the TLS protocol on Linux server?
The support of TLS v1.3 has been implemented in Plesk Obsidian and is available only for RHEL 8, Ubuntu 18.04, Ubuntu 20.04, and Debian 10 because this protocol requires version 1.1.1 of OpenSSL, available on official repositories of the aforementioned OSes. Also, TLS v1.3 support is enabled by default on all new Plesk installations on these OSes.
To enable TLSv1.3 for
sw-cp-server service follow the instructions from the article: How to enable or disable TLS protocol versions in Plesk for Linux?
Note: Plesk Onyx does not support TLS version 1.3, and its support is not planned to be implemented under it.
Is this supported on CentOS 8? If so, how?
Hello Mitchell van Bijleveld
Yes, CentOS 8 supports this functionality.
Please, try this article: https://support.plesk.com/hc/en-us/articles/115000422229-How-to-enable-or-disable-TLS-protocol-versions-in-Plesk-for-Linux-
Thx for this Information :)
it seems to me, that TLSv.1.3 is enabled by default.
But SSLIt seems to be buggy, because also with the option modern TLSv.1 and v1.1. are still enabled and the weak ciphers are still present.
Hello Marko D.
Please, check my comment here.
There is a bug in the SSLit! extension. When you try to update the Mozilla configurations it will only load https://statics.tls.security.mozilla.org/server-side-tls-conf-4.0.json which is outdated and only has TLS 1.2 for the "modern" configuration. The current version is https://statics.tls.security.mozilla.org/server-side-tls-conf-5.0.json which correctly places TLS 1.3 into the "modern" category and a mixed TLS 1.2/3 for intermediate.
So even though TLS 1.3 is theoretically supported by Plesk it cannot be activated via GUI with the SSLit! extension.
Ivan Postnikov your CLI guide is nice but is not recommended to be used in conjunction with the SSLit! extension and thus is no answer to this bug. Just wanted to make sure this is known in advance.
My request: Plese update the SSLit! extension so it correctly grabs the V5 of Mozillas TLS configuration found here: https://statics.tls.security.mozilla.org/server-side-tls-conf-5.0.json
Version 1.6.0 of SSLit! was recently released. It supports the latest Mozilla preset in Plesk Obsidian, give it a try!
Is Almalinux supported ?
Product version: Plesk Obsidian 22.214.171.124
OS version: AlmaLinux 8.7 x86_64
Please sign in to leave a comment.