
Plesk 12.5 - SSLFix.sh dh without effect?

Squeeze999

Basic Pleskian
I am trying to fix the DH vulnerability on several servers with Ubuntu 14.04 and Debian 8 and Plesk 12.5.
Each effort I take results in a "B" on SSLlabs.com: Weak DH ciphers.

I tried the SSLFix.sh dh apache / nginx / etc. script but the result always is the same.
Also manual editing of /etc/apache2/mods-enabled/ssl.conf and /etc/nginx/plesk.conf.d/server.conf does not help. Naturally I generated new DH parameter files and restarted the services after each change.

Does anybody have an idea where the relevant config files reside?
I spent hours so far.

Regards,
Squeeze999
 
Hi UFHH01,

thanks a lot for your response.
I am very sorry, but KB 123160 did not really solve my problem. I did this several times before.
My problem is not the POODLE, it is the LOGJAM (DH weak ciphers) vulnerability.
I can do what I want, but there is no way to get rid of these weak DH cipher suites.
The SSLFix.sh script with the "dh" parameter is useless.

I managed it all before with Plesk 12.0.18 but after upgrading to 12.5 all my changes are gone :(

Best wishes

Squeeze999 from Spätzletown
 
Hi Squeeze999,

hm... you missed reading the additional thread and its posts.... what a pity, because you would have found:

http://talk.plesk.com/threads/ssl-poodle-sslv3-bug.323338/#post-761003
or
http://talk.plesk.com/threads/ssl-poodle-sslv3-bug.323338/page-4#post-762779

Even though there are MORE solutions in the thread, for different situations and services, you will find your specific issue as well. Maybe you should give it a try and start reading the thread? ^^


P.S.: In addition... if you don't tell anyone, then there is another hint here: Often enough, the SEARCH option leads to answers. In your case, you could use the search word "dhparam" ?!?
 
Hi UFHH01,

if one has eyes to see, he should use them and if one is in the lucky situation to have learned reading, he should read!!
You're absolutely right! I finally managed to update the custom templates and earn a fat green "A" on SSLlabs.com.
If HSTS is additionally configured on Nginx and Apache and, in the domain webserver settings, "Smart static files processing" is deactivated, you get an A+.

Thank you very much!

Squeeze999
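
An added example, not part of the thread and not Plesk's own code: an offline check that lists the DH parameter files an nginx configuration actually references and reports the bit length of the prime in a PEM `DH PARAMETERS` block, which is the value behind a "weak DH" finding. The function names, the 2048-bit threshold and the sample path are assumptions made for illustration.

```python
import base64
import re

MIN_BITS = 2048  # assumed policy threshold, not a value taken from the thread

def _tlv(der, i, tag):
    """Read one DER element with the expected tag at offset i; return (body, next offset)."""
    if i + 2 > len(der) or der[i] != tag:
        raise ValueError("unexpected DER structure")
    n, start = der[i + 1], i + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, start = int.from_bytes(der[start:start + k], "big"), start + k
    if start + n > len(der):
        raise ValueError("truncated DER element")
    return der[start:start + n], start + n

def dh_prime_bits(pem_text):
    """Bit length of the prime p in a PEM 'DH PARAMETERS' block (SEQUENCE { p, g })."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    seq, _ = _tlv(base64.b64decode("".join(m.group(1).split())), 0, 0x30)
    p, nxt = _tlv(seq, 0, 0x02)
    _tlv(seq, nxt, 0x02)  # the generator g must follow p
    return int.from_bytes(p, "big").bit_length()

def nginx_dhparam_paths(conf_text):
    """Paths named by uncommented ssl_dhparam directives in nginx configuration text."""
    return re.findall(r"^[ \t]*ssl_dhparam\s+([^;\s]+)\s*;", conf_text, re.M)

def _der(tag, body):
    n = len(body)
    k = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def sample_pem(bits):
    """Constructed test input: p is a fixed bit pattern, not a real prime."""
    ints = b"".join(_der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
                    for v in ((1 << (bits - 1)) | 1, 2))
    b64 = base64.encodebytes(_der(0x30, ints)).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + b64 + "-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    print(nginx_dhparam_paths("# ssl_dhparam /old.pem;\n  ssl_dhparam /etc/example/dhparams.pem;\n"))
    for bits in (1024, 2048):
        print(bits, "WEAK" if dh_prime_bits(sample_pem(bits)) < MIN_BITS else "ok")
```

Run it against the generated server configuration rather than only the file that was edited by hand, since a directive that never reaches the active configuration has no effect.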
 