• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved How to enable TLS 1.3

Franco

Franco

Regular Pleskian
Hello,

now that we have nginx 1.14.1 on our latest Plesk Onyx 17.8.11 I thought I would go ahead and enable TLS 1.3, according to this post: How to enable or disable TLS protocol versions in Plesk for Linux

In particular I run the command:

- plesk bin server_pref -u -ssl-protocols 'TLSv1.2 TLSv1.3'

And also rebooted, in case. My installation remains at 1.2, no matter what. What am I missing?

Many thanks you for your help.

Franco
 
Tell me please, before you apply this article, where did you read that TLSv1.3 is supported by Plesk?
 
I just can say that support of TLSv1.3 by nginx is expected soon.
 
As you've read above, on the 'public' server side @Franco it's not actually an issue with Plesk 17.8.11 at present.

Nginx has supported TLSv1.3 since release 1.13.0/* but... the server OS must also fully support OpenSSL 1.1.1/* as well, in order to make this happen when using the 'official' OpenSSL TLSv1.3 release i.e. not all the previous 'draft' TLSv1.3 releases. Unless... you modify everything yourself. Read all the later posts on THIS informative thread if you want to do that.

In our case, Ubuntu 18.04 should be in this position by the end of February 2019 with the point release of 18.04.2 according to their published schedule. After that, in theory ;) there should then be a fully supported Plesk / TLSv1.3 / Ubuntu 18.04.2 / Nginx 1.14.2/* server setup. Other OS will vary timewise with their inclusion of OpenSSL 1.1.1/* obviously...

Plesk 17.8.11 from upgrade #34 onwards does run Nginx 1.14.1 and it nicely solves some previous bugs, but this release itself will need upgrading before TLSv1.3 can be fully supported by Plesk (we think) simply because of the bug shown below. This is a bug that has already been rectified in Nginx 1.14.2 onwards (see HERE)
*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.
Click to expand...

Plesk Panel / GUI etc (sw-cp-server) is not the same as the 'public' server side. It's been posted on this forum previoulsy by @IgorG that the TLSv1.3 upgraded version of this will be released soon too. We're currently working on a balanced estimate in our case, of both releases being available and fully supported by Plesk, by the end of March next year (fingers crossed :))
 
You must log in or register to reply here.

Similar threads

E
Issue TLS 1.2 and 1.3 only
Replies
2
Views
2K
Benemortasia
Benemortasia
D
Issue Can't enable TLSv1 and TLSv1.1 on Ubuntu 22.04
Replies
4
Views
5K
omniscient
O
Kulturmensch
Question TLS-Versions Mozilla - only TLSv1.3 is provided with variant "modern"
Replies
0
Views
367
Kulturmensch
Kulturmensch
O
Question Nginx compile by Plesk and chipers
Replies
6
Views
1K
IgorG
IgorG
D
Resolved After enabling MSMTP: sw-service unable to start
Replies
2
Views
876
dbitsch
D
Back
Top