Dear all,
After googling for three days and reading many KBs and tutorials/workarounds, I'm still stuck and would like to ask for some help.
I'm new to Plesk and need to secure a VPS running Plesk for one of our clients because his admin has quit.
There are some domains hosted on the server; it is running Apache as the webserver, and I'm currently trying to disable SSLv3 and weak ciphers, so I first tried:
http://download1.parallels.com/Ples...compliance-guide/index.htm?fileName=65871.htm
Disabling weak SSL ciphers and protocols
/usr/local/psa/admin/bin/pci_compliance_resolver --enable all
service apache2 restart
This did not change anything on site checks like https://www.tinfoilsecurity.com/poodle or https://www.ssllabs.com/ssltest/
so I tried to update the ciphers in
/etc/sw-cp-server/conf.d/pci-compliance.conf
and restarted Apache, but without any visible results.
I think this patch relates to the nginx webserver; I'm using Apache,
so I searched for Apache configs and found a recommendation to edit
/etc/apache2/mods-available/ssl.conf and change the values:
SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5!:!RC4
SSLHonorCipherOrder on
SSLProtocol All -SSLv2 -SSLv3
service apache2 restart
But this also had no effect; I still got the message that SSLv3 is still enabled.
Is anybody running a similar setup so that you could provide info on where I should edit files to make sure they're recognized by Plesk?
Do I still need to patch nginx even if I don't use it?
Thank you very much for reading (I know that there are some threads on this board and others, but I've currently found nothing that works) and for your help.
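
An added example, not part of the original post: SSLProtocol is valid in both server-config and virtual-host context, so a correct edit in one file can be overridden by a directive in another. The script below lists every uncommented SSLProtocol line under a config directory and reports whether that line leaves SSLv3 enabled; the sample tree, its file names and contents are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit SSLProtocol directives under an Apache config tree.

# sslv3_state ARGS: evaluate SSLProtocol arguments left to right as mod_ssl
# does: "+X" adds, "-X" removes, a bare name replaces the whole set.
sslv3_state() (
    set -f                      # no globbing while splitting the arguments
    on=0
    for tok in $1; do
        tok=$(printf '%s' "$tok" | tr '[:upper:]' '[:lower:]')
        case "$tok" in
            all|+all|sslv3|+sslv3) on=1 ;;  # "all" includes SSLv3 where the build supports it
            -all|-sslv3)           on=0 ;;
            [+-]*)                 ;;       # another protocol added or removed
            *)                     on=0 ;;  # bare other protocol replaces the set
        esac
    done
    if [ "$on" -eq 1 ]; then echo ENABLED; else echo disabled; fi
)

# audit_sslprotocol DIR: print "<file>:<line>: <state>: <args>" for each
# uncommented SSLProtocol line; -R follows symlinks such as mods-enabled/.
audit_sslprotocol() (
    grep -RHniE '^[[:space:]]*SSLProtocol[[:space:]]' "$1" 2>/dev/null |
    while IFS=: read -r file line text; do
        args=$(printf '%s\n' "$text" |
               sed -E 's/^[[:space:]]*[A-Za-z]+[[:space:]]+//; s/[[:space:]]+$//')
        printf '%s:%s: %s: %s\n' "$file" "$line" "$(sslv3_state "$args")" "$args"
    done
)

# demo_tree: build a constructed sample tree and print its path.
demo_tree() (
    d=$(mktemp -d)
    mkdir -p "$d/mods-available" "$d/vhosts"
    printf 'SSLHonorCipherOrder on\nSSLProtocol All -SSLv2 -SSLv3\n' \
        > "$d/mods-available/ssl.conf"
    printf '<VirtualHost *:443>\n  SSLEngine on\n  SSLProtocol all -SSLv2\n  # SSLProtocol TLSv1\n</VirtualHost>\n' \
        > "$d/vhosts/example.conf"
    echo "$d"
)

tree=$(demo_tree)
audit_sslprotocol "$tree"   # the vhost line is reported as ENABLED
rm -rf "$tree"
```

On a real server, point `audit_sslprotocol` at the Apache configuration directory (for the setup in the post, /etc/apache2) and at any directory it includes; each line reported as ENABLED is a place where SSLv3 is still switched on.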