
Forwarded to devs Nginx compiled by Plesk and ciphers

OverWolf

Regular Pleskian
Username:

TITLE


Nginx compiled by Plesk and ciphers

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk 18.0.39 Update #2, CentOS 7.9.2009

PROBLEM DESCRIPTION

In my configuration TLS 1.3 isn't implementable, but with nginx compiled by Plesk, I can secure my domains with the last version. I use Let's Encrypt to secure domains and I have nginx as a proxy. Every domain is secure with TLS_AES_256_GCM_SHA384 but I would like to use TLS_AES_128_GCM_SHA256.

I have followed this guide https://support.plesk.com/hc/en-us/...able-TLS-protocol-versions-in-Plesk-for-Linux but without any success.

STEPS TO REPRODUCE

If I try to set up new ciphers to use AES128 FIRST with this command:

Code:
plesk bin server_pref -u -ssl-ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'

I have this error

Code:
AH00526: Syntax error on line 81 of /etc/httpd/conf.d/ssl.conf:
SSLCipherSuite takes one argument, Colon-delimited list of permitted SSL Ciphers ('XXX:...:XXX' - see manual)

ACTUAL RESULT

I cannot change ciphers and the domains have a connection encrypted with TLS_AES_256_GCM_SHA384

EXPECTED RESULT

I can use TLS_AES_128_GCM_SHA256 with TLS 1.3

ANY ADDITIONAL INFORMATION

Question - Nginx compiled by Plesk and ciphers

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Help with sorting out
 
As stated in https://support.plesk.com/hc/en-us/...able-TLS-protocol-versions-in-Plesk-for-Linux, TLS 1.3 isn't available in Apache on CentOS 7. The "plesk bin server_pref -u -ssl-ciphers" command changes settings for both Apache and nginx and therefore can't be used in your case. To set the ciphers for nginx only, please use the command:
Code:
# plesk sbin sslmng -s nginx --ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
instead.
 
Hi Igor,

The command you posted gives me no error, but the result doesn't change. If I reissue the certificate from Let's Encrypt, it gives me a connection encrypted with TLS_AES_256 and not TLS_AES_128 as I would expect. So the 'problem' is somewhere else.
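A check that can be run next to this thread, as an added example that is not part of any post and is not Plesk's or nginx's code: in OpenSSL 1.1.1 and later, the colon-delimited cipher list (TLS 1.2 and below) and the TLS 1.3 suite list are separate settings, and the cipher-list call does not touch the TLS 1.3 suites. The sketch uses Python's `ssl` module as a stand-in for any OpenSSL-linked program; that the nginx build in question behaves the same way is an assumption, and `split_by_protocol` and `negotiated` are names made up here.

```python
import socket
import ssl

# Cipher string from the commands in the thread (TLS 1.3 suite names first).
THREAD_CIPHERS = (
    "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305"
)


def split_by_protocol(cipher_string):
    """Apply an OpenSSL cipher-list string and return (tls13_names, older_names)
    in the preference order the resulting context reports."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # wraps OpenSSL's cipher-list setting
    tls13, older = [], []
    for entry in ctx.get_ciphers():
        target = tls13 if entry["protocol"] == "TLSv1.3" else older
        target.append(entry["name"])
    return tls13, older


def negotiated(host, port=443):
    """Connect with TLS 1.3 only and return (version, suite) the server picked.
    Needs network access; host is whatever domain you are testing."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    tls13, older = split_by_protocol(THREAD_CIPHERS)
    print("TLS 1.3 suites (not reordered by the cipher list):", tls13)
    print("TLS 1.2 ciphers (order follows the string):", older)
```

Calling `negotiated("your-domain.example")` before and after a configuration change shows whether the TLS 1.3 suite the server selects actually moved.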
 