
Forwarded to devs: Nginx compile by Plesk and ciphers

OverWolf

Regular Pleskian

TITLE


Nginx compile by Plesk and ciphers

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Plesk 18.0.39 Update #2, CentOS 7.9.2009

PROBLEM DESCRIPTION

In my configuration TLS 1.3 isn't implementable, but with nginx compiled by Plesk I can secure my domains with the last version. I use Let's Encrypt to secure domains and I have nginx as a proxy. Every domain is secure with TLS_AES_256_GCM_SHA384 but I would like to use TLS_AES_128_GCM_SHA256.

I have followed this guide https://support.plesk.com/hc/en-us/...able-TLS-protocol-versions-in-Plesk-for-Linux but without any success.

STEPS TO REPRODUCE

If I try to set up new ciphers to use AES128 first with this command:

Code:
plesk bin server_pref -u -ssl-ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'

I have this error

Code:
AH00526: Syntax error on line 81 of /etc/httpd/conf.d/ssl.conf:
SSLCipherSuite takes one argument, Colon-delimited list of permitted SSL Ciphers ('XXX:...:XXX' - see manual)

ACTUAL RESULT

I cannot change ciphers and the domains have a connection encrypted with TLS_AES_256_GCM_SHA384

EXPECTED RESULT

I can use TLS_AES_128_GCM_SHA256 with TLS 1.3

ANY ADDITIONAL INFORMATION

Question - Nginx compile by Plesk and ciphers

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Help with sorting out
 
As stated in https://support.plesk.com/hc/en-us/...able-TLS-protocol-versions-in-Plesk-for-Linux, TLS 1.3 isn't available in Apache on CentOS 7. The "plesk bin server_pref -u -ssl-ciphers" command changes settings for both Apache and nginx and therefore can't be used in your case. To set the ciphers for nginx only, please use the command:
Code:
# plesk sbin sslmng -s nginx --ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
instead.
 
Hi Igor,

The command you posted gives me no error, but the result doesn't change. If I reissue the certificate from Let's Encrypt, it gives me a connection encrypted with TLS_AES_256 and not TLS_AES_128 as I would expect. So the 'problem' is somewhere else.
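
Added example, not part of the thread and not Plesk's code: OpenSSL keeps TLS 1.3 cipher suites in a setting separate from the colon-delimited cipher list, so a cipher-list change can leave the TLS 1.3 suites and their order untouched. The Python sketch below applies the thread's cipher string through `ssl.SSLContext.set_ciphers()` and compares the TLS 1.3 suites before and after; that the Plesk-built nginx handles the string the same way is an assumption, and the function names are hypothetical.

```python
import ssl

# Cipher string copied from the commands posted in this thread.
PAGE_CIPHERS = (
    "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:"
    "TLS_CHACHA20_POLY1305_SHA256:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305"
)


def split_by_protocol(ctx):
    """Return (tls13_names, older_names) in the context's preference order."""
    tls13, older = [], []
    for cipher in ctx.get_ciphers():
        target = tls13 if cipher["protocol"] == "TLSv1.3" else older
        target.append(cipher["name"])
    return tls13, older


def apply_cipher_list(cipher_string):
    """Apply a cipher list and report what changed per protocol family."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    tls13_before, _ = split_by_protocol(ctx)
    # set_ciphers() wraps OpenSSL's cipher-list call, which governs
    # TLS 1.2 and below; TLS 1.3 suite names in the string are ignored.
    ctx.set_ciphers(cipher_string)
    tls13_after, older_after = split_by_protocol(ctx)
    return {
        "tls13_before": tls13_before,
        "tls13_after": tls13_after,
        "older_after": older_after,
    }


if __name__ == "__main__":
    result = apply_cipher_list(PAGE_CIPHERS)
    print("TLS 1.3 suites before:", result["tls13_before"])
    print("TLS 1.3 suites after: ", result["tls13_after"])
    print("TLS 1.2 ciphers after:", result["older_after"])
    if result["tls13_before"] == result["tls13_after"]:
        print("The cipher list did not change the TLS 1.3 suites or order.")
```

The output depends on the local OpenSSL build; the comparison between the two TLS 1.3 lists is the part to look at.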
 