Dukemaster
Regular Pleskian
Hi,
Thanks again for the amazing PLESK software!
Today I successfully performed the Upgrade over Plesk Update Panel.
Now, I realized that the new SSL configuration in Plesk panel is tricky.
I use ONLY NGINX webserver configuration! No nginx as proxy.
So I see that the etc/nginx/conf.d/ssl.conf changed in a very important step:
from
ssl_prefer_server_ciphers on;
to
ssl_prefer_server_ciphers off;
and this is always done by Plesk if I change the "new" SSL configuration in the subscription.
Also, the cipher suites are changed.
If I activate HSTS in subscription then I get double HSTS headers (SSLLabs).
So I disabled HSTS on subscription level.
Please, do you know the configuration to use TLS 1.3?
I get TLS 1.3 today by the following configuration, but PLESK changes the ssl.conf every time when someone changes the SSL configuration on subscription level over Plesk panel, for example only activating the main SSL option "Securing website".
And how can I configure persistent SSL configuration in ssl.conf?
Code:
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
Thanks
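
A way to notice when ssl.conf has been regenerated and to confirm the doubled HSTS header, as an added example that is not part of the original post and not Plesk's own tooling. The baseline is assumed from the directives quoted above, the function names are hypothetical, and the sample inputs are constructed.

```python
import re

# Baseline taken from the directives quoted in the post (an assumption about
# what the administrator wants to keep, not a Plesk default).
WANT_VALUE = {"ssl_prefer_server_ciphers": "on"}
WANT_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}

def parse_directives(conf_text):
    """Map directive name -> list of argument strings (flat files only, no blocks)."""
    found = {}
    for stmt in re.sub(r"#[^\n]*", "", conf_text).split(";"):
        parts = stmt.split(None, 1)
        if len(parts) == 2:
            found.setdefault(parts[0], []).append(parts[1].strip())
    return found

def check_drift(conf_text):
    """Return a list of human-readable differences from the baseline."""
    found, issues = parse_directives(conf_text), []
    for name, want in WANT_VALUE.items():
        values = found.get(name, [])
        if not values:
            issues.append(f"{name}: missing")
        elif values[-1] != want:
            issues.append(f"{name}: is '{values[-1]}', want '{want}'")
    protocols = set(" ".join(found.get("ssl_protocols", [])).split())
    for proto in sorted(WANT_PROTOCOLS - protocols):
        issues.append(f"ssl_protocols: {proto} not enabled")
    for proto in sorted(protocols - WANT_PROTOCOLS):
        issues.append(f"ssl_protocols: unexpected {proto}")
    return issues

def count_hsts(raw_headers):
    """Count Strict-Transport-Security lines in raw response headers."""
    return sum(1 for line in raw_headers.splitlines()
               if line.split(":", 1)[0].strip().lower() == "strict-transport-security")

# Constructed samples (not real Plesk output or a real server response).
REWRITTEN = "ssl_protocols TLSv1.2;\nssl_prefer_server_ciphers off; # regenerated\n"
HEADERS = ("HTTP/1.1 200 OK\nStrict-Transport-Security: max-age=15768000\n"
           "strict-transport-security: max-age=15768000; includeSubDomains\n")

if __name__ == "__main__":
    for issue in check_drift(REWRITTEN):
        print("DRIFT", issue)
    print("HSTS headers:", count_hsts(HEADERS))
```

Run against the real file contents after each panel change; a count above 1 from `count_hsts` matches the double-header finding SSL Labs reports.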