So I did all the instructions and I have to say that I'm nearly a newby in webserver management - that's why I'm using Plesk and I'm thankful for every help!
Step 1) I loaded the script for linux that should deactivate the ssl 3.0 fallback, poodle shows now folling result:
85.xxx.xxx.xxx:21 - Not vulnerable. Failed to establish SSLv3 connection.
85.xxx.xxx.xxx:587 - Not vulnerable. Failed to establish SSLv3 connection.
85.xxx.xxx.xxx:443 - Not vulnerable. Failed to establish SSLv3 connection.
85.xxx.xxx.xxx:465 - Not vulnerable. Failed to establish SSLv3 connection.
85.xxx.xxx.xxx:7081 - Not vulnerable. Failed to establish SSLv3 connection.
85.xxx.xxx.xxx:8443 - Not vulnerable. Failed to establish SSLv3 connection.
85.xxx.xxx.xxx:993 - Not vulnerable. Failed to establish SSLv3 connection.
85.xxx.xxx.xxx:995 - Vulnerable! SSLv3 connection established using SSLv3/DHE-R
SA-AES256-SHA
So SSL is still possible for mail right? Is that correct?
Step 2)
/usr/local/psa/admin/sbin/httpdmng --reconfigure-all
Step 3)
/usr/local/psa/bootstrapper/pp12.0.18-bootstrapper/bootstrapper.sh repair
Step 4)
/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --reinstall-patch --install-component base
Even Restarted the Server, stopped nginx -> because I thought nginx aborted the request, but it was still aborted from apache2 (i think)
So Nothing changed, how can i change the log level?
nginx error.log is still:
[error] 16144#0: *50 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 94.139.16.155, server: 85.xxx.xxx.xxx:443
In /etc/nginx/plesk.conf.d/vhosts/@xxx.conf are now the following definitions for ssl:
server {
listen 85.xxx.xxx.xxx:443 ssl;
server_name xxx.de;
server_name
www.xxx.de;
server_name ipv4.xxx.de;
ssl_certificate /opt/psa/var/certificates/cert-4uznHW;
ssl_certificate_key /opt/psa/var/certificates/cert-4uznHW;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 128m;
root "/var/www/vhosts/xxx.de/httpdocs/public";
access_log "/var/www/vhosts/system/xxx.de/logs/proxy_access_ssl_log";
error_log "/var/www/vhosts/system/xxx.de/logs/proxy_error_log";
if ($host ~* ^
www.xxx.de$) {
rewrite ^(.*)$
https://xxx.de$1 permanent;
}
location / {
proxy_pass
https://85.xxx.xxx.xxx:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Accel-Internal /internal-nginx-static-location;
access_log off;
}
location /internal-nginx-static-location/ {
alias /var/www/vhosts/xxx.de/httpdocs/public/;
add_header X-Powered-By PleskLin;
internal;
}
}
What now? Did I forget something? :/