• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Forwarded to devs Nginx compile by Plesk and chipers

O

OverWolf

Regular Pleskian
Username:

TITLE

Nginx compile by Plesk and chipers

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk 18.0.39 Update #2, CentOS 7.9.2009

PROBLEM DESCRIPTION

In my configuration TLS 1.3 isn't implementable but with nginx complied by Plesk, I can secure my domains with the last version. I use Let'sEncrypt to secure domains and I have nginx as a proxy. Every domain is secure with TLS_AES_256_GCM_SHA384 but I would like to use TLS_AES_128_GCM_SHA256

I have followed this guide https://support.plesk.com/hc/en-us/...able-TLS-protocol-versions-in-Plesk-for-Linux but withou any success.

STEPS TO REPRODUCE

if I try to set up new chipers to use FIRST AES128 with this command :

Code: 
plesk bin server_pref -u -ssl-ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'

I have this error

Code: 
AH00526: Syntax error on line 81 of /etc/httpd/conf.d/ssl.conf:
SSLCipherSuite takes one argument, Colon-delimited list of permitted SSL Ciphers ('XXX:...:XXX' - see manual)

ACTUAL RESULT

I cannot change chipers and domain have a connection encrypted with TLS_AES_256_GCM_SHA384

EXPECTED RESULT

I can use TLS_AES_128_GCM_SHA256 with TLS 1.3

ANY ADDITIONAL INFORMATION

Question - Nginx compile by Plesk and chipers

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Help with sorting out
 
As stated in https://support.plesk.com/hc/en-us/...able-TLS-protocol-versions-in-Plesk-for-Linux, TLS 1.3 isn't available in Apache on CentOS 7. The "plesk bin server_pref -u -ssl-ciphers" command changes settings for both Apache and nginx and therefore can't be used in your case. To set the ciphers for nginx only, please use the command:
Code: 
# plesk sbin sslmng -s nginx --ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
instead.
 
Hi Igor,

the command you post give me no error, but the result don't change. If I reissue certificate from Let's Encrypt, it give me a connection encrypted with TLS_AES_256 and not TLS_AES_128 as I would expect. So the 'problem' it's somewhere else
 
You must log in or register to reply here.

Similar threads

A
Issue FTP - Insecure server, it does not support FTP over TLS.
Replies
3
Views
692
Alban Staehli
A
Heinrich
Resolved node.js configuration in PLESK Obsidian 18.0.67 Update Nr. 3
Replies
3
Views
375
alvarezcruz
alvarezcruz
Polli
Issue Getting DANE working
2
Replies
33
Views
3K
Polli
Polli
O
Question Nginx compile by Plesk and chipers
Replies
6
Views
2K
IgorG
IgorG
D
Question Connection error from UnityWebRequest to my plesk server on older devices
Replies
1
Views
1K
Nik G
N
Back
Top