• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved How to enable TLS 1.3

Franco

Franco

Regular Pleskian
Hello,

now that we have nginx 1.14.1 on our latest Plesk Onyx 17.8.11 I thought I would go ahead and enable TLS 1.3, according to this post: How to enable or disable TLS protocol versions in Plesk for Linux

In particular I run the command:

- plesk bin server_pref -u -ssl-protocols 'TLSv1.2 TLSv1.3'

And also rebooted, in case. My installation remains at 1.2, no matter what. What am I missing?

Many thanks you for your help.

Franco
 
Tell me please, before you apply this article, where did you read that TLSv1.3 is supported by Plesk?
 
I just can say that support of TLSv1.3 by nginx is expected soon.
 
As you've read above, on the 'public' server side @Franco it's not actually an issue with Plesk 17.8.11 at present.

Nginx has supported TLSv1.3 since release 1.13.0/* but... the server OS must also fully support OpenSSL 1.1.1/* as well, in order to make this happen when using the 'official' OpenSSL TLSv1.3 release i.e. not all the previous 'draft' TLSv1.3 releases. Unless... you modify everything yourself. Read all the later posts on THIS informative thread if you want to do that.

In our case, Ubuntu 18.04 should be in this position by the end of February 2019 with the point release of 18.04.2 according to their published schedule. After that, in theory ;) there should then be a fully supported Plesk / TLSv1.3 / Ubuntu 18.04.2 / Nginx 1.14.2/* server setup. Other OS will vary timewise with their inclusion of OpenSSL 1.1.1/* obviously...

Plesk 17.8.11 from upgrade #34 onwards does run Nginx 1.14.1 and it nicely solves some previous bugs, but this release itself will need upgrading before TLSv1.3 can be fully supported by Plesk (we think) simply because of the bug shown below. This is a bug that has already been rectified in Nginx 1.14.2 onwards (see HERE)
*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.
Click to expand...

Plesk Panel / GUI etc (sw-cp-server) is not the same as the 'public' server side. It's been posted on this forum previoulsy by @IgorG that the TLSv1.3 upgraded version of this will be released soon too. We're currently working on a balanced estimate in our case, of both releases being available and fully supported by Plesk, by the end of March next year (fingers crossed :))
 
You must log in or register to reply here.

Similar threads

Polli
Issue Getting DANE working
2
Replies
33
Views
3K
Polli
Polli
B
Resolved How do I enable FTPS?
Replies
10
Views
1K
Kaspar
K
E
Issue TLS 1.2 and 1.3 only
Replies
2
Views
3K
Benemortasia
B
D
Issue Can't enable TLSv1 and TLSv1.1 on Ubuntu 22.04
Replies
4
Views
8K
omniscient
O
flederwiesel
Question `SSLVerifyClient require` -> AH10158: cannot perform post-handshake authentication
Replies
0
Views
670
flederwiesel
flederwiesel
Back
Top