
PCI Compliance - Plesk on Ubuntu 8.04 LTS

LloydD

Basic Pleskian
While researching PCI Compliance on Ubuntu I couldn't find much info for Ubuntu, so here's what has got me PCI Compliant -

Plesk 10.4.4 MU42 PCI Compliance on Ubuntu 8.04 LTS September 2012

Apache

Add to or create /etc/apache2/conf.d/zz050-psa-disable-weak-ssl-ciphers.conf and add
SSLProtocol -ALL +SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH:!EDH:!3DES

And restart apache

/etc/init.d/apache2 restart


Postfix

Open /etc/postfix/main.cf in your favourite editor, e.g.

vi /etc/postfix/main.cf

And add the following -
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
tls_high_cipherlist = RC4-SHA
smtpd_tls_mandatory_ciphers = HIGH

Save the file and restart Postfix

/etc/init.d/postfix restart


Courier-Imap

Here you need to edit two files, /etc/courier-imap/pop3d-ssl and /etc/courier-imap/imapd-ssl. In both files find the line TLS_CIPHER_LIST and add RC4-SHA like this –

TLS_CIPHER_LIST="RC4-SHA"

Save the file and restart courier-imap –

/etc/init.d/courier-imap restart


Qmail

Here you need to edit or create files /var/qmail/control/tlsserverciphers and /var/qmail/control/tlsclientciphers

And add


Save the files and restart qmail

/etc/init.d/qmail restart


Plesk 10.4.4

Here you need to create the file /opt/psa/admin/conf/cipher.lst and add


and restart the Plesk server -

/etc/init.d/sw-cp-server restart


Now you can check your ciphers at http://serversniff.net/content.php?do=ssl
I have used just RC4-SHA on everything except Apache as that honoured the cipher order and others didn’t want to.
I will look into this further at some point, but for the time being we are PCI Compliant and have mitigated against BEAST on all ports.
I hope this helps someone else.
Regards

Lloyd
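
A way to confirm, before restarting each service, that the edited Apache, Postfix and Courier files actually carry the directives listed in the post. This is an added example, not part of the original post; the names EXPECTED, effective_settings, audit and SAMPLE_MAIN_CF are hypothetical, and the sample main.cf text is constructed.

```python
import re

# Baseline copied from the post above (September 2012); edit to your own policy.
EXPECTED = {
    "apache": {"SSLProtocol": "-ALL +SSLv3 +TLSv1", "SSLHonorCipherOrder": "On",
               "SSLCipherSuite": "RC4-SHA:HIGH:!ADH:!EDH:!3DES"},
    "postfix": {"smtp_tls_mandatory_protocols": "!SSLv2, !SSLv3",
                "tls_high_cipherlist": "RC4-SHA",
                "smtpd_tls_mandatory_ciphers": "HIGH"},
    "courier": {"TLS_CIPHER_LIST": "RC4-SHA"},
}
# One pattern per file syntax.
SYNTAX = {
    "apache": re.compile(r'^\s*(\w+)\s+(.*?)\s*$'),      # Name value
    "postfix": re.compile(r'^(\w+)\s*=\s*(.*?)\s*$'),    # name = value
    "courier": re.compile(r'^\s*(\w+)="?(.*?)"?\s*$'),   # NAME="value"
}

def effective_settings(kind, text):
    """Return {directive: value}; comments are skipped, last occurrence wins."""
    settings, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if kind == "postfix" and line[0].isspace() and last:
            settings[last] += " " + line.strip()  # main.cf continuation line
            continue
        m = SYNTAX[kind].match(line)
        if m:  # container lines such as <IfModule ...> do not match
            last = m.group(1)
            settings[last] = m.group(2)
    return settings

def audit(kind, text):
    """Return [(directive, expected, found)] for each mismatch or missing entry."""
    found = effective_settings(kind, text)
    return [(k, want, found.get(k)) for k, want in EXPECTED[kind].items()
            if found.get(k) != want]

# Constructed sample: a later duplicate silently overrides the intended value.
SAMPLE_MAIN_CF = """# constructed sample, not a real server's file
tls_high_cipherlist = RC4-SHA
smtp_tls_mandatory_protocols = !SSLv2,
    !SSLv3
smtpd_tls_mandatory_ciphers = HIGH
tls_high_cipherlist = RC4-SHA:AES128-SHA
"""

if __name__ == "__main__":
    print(audit("postfix", SAMPLE_MAIN_CF))
```

EXPECTED holds the post's 2012 values; RC4 and SSLv3 have since been prohibited for TLS use (RFC 7465, RFC 7568), so substitute your current policy before relying on the result.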
 