• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

New Plesk 12 install has POODLE unpatched

gbotica

Regular Pleskian
Hi,

I just got a new Plesk 12 VPS with MediaTemple. As deployed fresh, the server has the POODLE vulnerability unpatched -- I would have thought Parallels would have new installs fixed by now?

Anyway, rather than going through the lengthy patching process, as described here http://kb.odin.com/en/123160 I was hoping to find the quickest and most robust fix. There is a script available on the KB page to automate the patching, but it didn't work on some of my other Plesk installs, I had to do it manually.

I see that the site templates at /usr/local/psa/admin/conf/templates/default/ have been updated with things like this:

Code:
<?php if (get_param('disablesslv3')): ?>
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
<?php else: ?>
    ssl_protocols               SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
<?php endif ?>

Where is this param 'disablesslv3' set? How can it be set to 'true'?

Does setting this param affect other services, also patching them for POODLE? Or does it just affect NGINX?

What is the best practice for patching a fresh Plesk 12 install for POODLE?

Thanks in advance for your assistance.
 
Please use following method:

1. Set disablesslv3 parameter:

# mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e "insert into misc values('disablesslv3', 'true')"

2. Regenerate configs:

# /usr/local/psa/admin/bin/httpdmng --reconfigure-all

3. Check results:

# cat /var/www/vhosts/system/*/conf/last_nginx.conf | grep ssl_protocols
 
Please use following method:

1. Set disablesslv3 parameter:

# mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e "insert into misc values('disablesslv3', 'true')"

2. Regenerate configs:

# /usr/local/psa/admin/bin/httpdmng --reconfigure-all

3. Check results:

# cat /var/www/vhosts/system/*/conf/last_nginx.conf | grep ssl_protocols

Great, thanks very much for the info. It looks like this "disablesslv3" parameter is only used with NGINX configuration (?) and other services must be patched additionally?
 
Back
Top