• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Changing NGINX to only use TLS1.2

M

Martin Andersson

New Pleskian
Hello!

The latest update of 11.5.30 has broken my custom NGINX settings which allowed only TLS1.2. My sites are now using SSLV3 and TLSV1 only. For the life of me, I can't figure out where to change this back. All my NGINX configuration files seem to be correct under /etc/nginx/plesk.conf.d/ -- what am I missing? :)

Many thanks,

Martin
 
InderS said:
Try to chnage your site nginx setting with the "ssl_protocols -- SSLv3 TLSv1 TLSv1.1 TLSv1.2"

Check this : http://nginx.org/en/docs/http/configuring_https_servers.html
Click to expand...

Thanks for your feedback. I have already done this, and re-checked the configuration files since the latest update. Everything looks fine with the line:

ssl_protocols TLSv1.2;

I assume I'm just being daft and missing something. I know updates break custom settings, but I just can't see any configuration file which shows:

ssl_protocols SSLv3 TLSv1;

Which are the currently enabled protocols since the last update. TLSv1.2 is still working for the Plesk admin panel.

Martin
 
Martin Andersson said:
Thanks for your feedback. I have already done this, and re-checked the configuration files since the latest update. Everything looks fine with the line:

ssl_protocols TLSv1.2;

I assume I'm just being daft and missing something. I know updates break custom settings, but I just can't see any configuration file which shows:

ssl_protocols SSLv3 TLSv1;

Which are the currently enabled protocols since the last update. TLSv1.2 is still working for the Plesk admin panel.

Martin
Click to expand...

To make it more interesting, I just created a new webspace and it has the correct SSL settings. :) I have tried running:

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

But hasn't changed the problem for any webspace that was enabled during the last update....

/M
 
I found a solution to enable TLS 1.1 and TLS 1.2 by my self.

You have to modify the two PHP files:
usr/local/psa/admin/conf/templetes/default/nginxWebmailPartial.php
usr/local/psa/admin/conf/templetes/default/domain/nginxDomainVirtualHost.php

Code: 
ssl_protocols             SSLv3 TLSv1 [B]TLSv1.1 TLSv1.2[/B];

webmail.* and all domains using nginx support TLS 1.1 and TLS 1.2 now.

(http://forum.parallels.com/showthread.php?300627-nginx-reverse-proxy-with-TLSv1-1-and-TLSv1-2)
 
You must log in or register to reply here.

Similar threads

PeopleInside
Issue with Google Drive Backup
Replies
6
Views
696
PeopleInside
PeopleInside
H
Resolved Nginx + non "plain" Wordpress Permalinks error.
2
Replies
22
Views
10K
tomandersen
T
michaeljoseph01
Question Imunify360 or fail2ban PLEASE give me your input
Replies
6
Views
2K
The 8th
The 8th
C
Issue Issue with NGINX and Apache Crashing
Replies
4
Views
863
Quinten
Quinten
PeopleInside
Resolved CORS stop to working using HTTP 2 Plesk Plesk Obsidian Version 18.0.52
Replies
17
Views
3K
PeopleInside
PeopleInside
Back
Top