• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • Our UX team believes in the in the power of direct feedback and would like to invite you to participate in interviews, tests, and surveys.
    To stay in the loop and never miss an opportunity to share your thoughts, please subscribe to our UX research program. If you were previously part of the Plesk UX research program, please re-subscribe to continue receiving our invitations.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

New Plesk 12 install has POODLE unpatched

G

gbotica

Regular Pleskian
Hi,

I just got a new Plesk 12 VPS with MediaTemple. As deployed fresh, the server has the POODLE vulnerability unpatched -- I would have thought Parallels would have new installs fixed by now?

Anyway, rather than going through the lengthy patching process, as described here http://kb.odin.com/en/123160 I was hoping to find the quickest and most robust fix. There is a script available on the KB page to automate the patching, but it didn't work on some of my other Plesk installs, I had to do it manually.

I see that the site templates at /usr/local/psa/admin/conf/templates/default/ have been updated with things like this:

Code: 
<?php if (get_param('disablesslv3')): ?>
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
<?php else: ?>
    ssl_protocols               SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
<?php endif ?>

Where is this param 'disablesslv3' set? How can it be set to 'true'?

Does setting this param affect other services, also patching them for POODLE? Or does it just affect NGINX?

What is the best practice for patching a fresh Plesk 12 install for POODLE?

Thanks in advance for your assistance.
 
Please use following method:

1. Set disablesslv3 parameter:

# mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e "insert into misc values('disablesslv3', 'true')"

2. Regenerate configs:

# /usr/local/psa/admin/bin/httpdmng --reconfigure-all

3. Check results:

# cat /var/www/vhosts/system/*/conf/last_nginx.conf | grep ssl_protocols
 
IgorG said:
Please use following method:

1. Set disablesslv3 parameter:

# mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e "insert into misc values('disablesslv3', 'true')"

2. Regenerate configs:

# /usr/local/psa/admin/bin/httpdmng --reconfigure-all

3. Check results:

# cat /var/www/vhosts/system/*/conf/last_nginx.conf | grep ssl_protocols
Click to expand...

Great, thanks very much for the info. It looks like this "disablesslv3" parameter is only used with NGINX configuration (?) and other services must be patched additionally?
 
You must log in or register to reply here.

Similar threads

J
Issue Drweb won't start in new Debian12 installation
Replies
4
Views
1K
Peter Debik
P
Azurel
Resolved Why SSLv2 and SSLv3?
Replies
1
Views
2K
UFHH01
U
M
Resolved Enable a PHP socket for nginx for custom website outside Plesk
Replies
2
Views
4K
mr-wolf
M
burnley
Question Plesk old->new server migration - best strategy
Replies
4
Views
3K
burnley
burnley
E
Error on installing/upgrading Plesk 12 on CentOS 6.7
Replies
4
Views
2K
Erwin VdB
E
Back
Top