Plesk 12.5 - SSLFix.sh dh without effect?

Squeeze999

Basic Pleskian
I am trying to fix the DH vulnerability on several servers with Ubuntu 14.04 and Debian 8 and Plesk 12.5.
Each effort I take results in a "B" on SSLlabs.com: Weak DH ciphers.

I tried the SSLFix.sh dh apache / nginx / etc. script but the result always is the same.
Also manual editing of /etc/apache2/mods-enabled/ssl.conf and /etc/nginx/plesk.conf.d/server.conf does not help. Naturally I generated new DH parameter files and restarted the services after each change.

Does anybody have an idea where the relevant config files reside?
I spent hours so far.

Regards,
Squeeze999
 
Hi UFHH01,

thanks a lot for your response.
I am very sorry, but KB 123160 did not really solve my problem. I did this several times before.
My problem is not the POODLE, it is the LOGJAM (DH weak ciphers) vulnerability.
I can do what I want, but there is no way to get rid of these weak DH cipher suites.
The SSLFix.sh script with the "dh" parameter is useless.

I managed it all before with Plesk 12.0.18 but after upgrading to 12.5 all my changes are gone :(

Best wishes

Squeeze999 from Spätzletown
 
Hi Squeeze999,

hm... you missed reading the additional thread and its posts.... what a pity, because you would have found:

http://talk.plesk.com/threads/ssl-poodle-sslv3-bug.323338/#post-761003
or
http://talk.plesk.com/threads/ssl-poodle-sslv3-bug.323338/page-4#post-762779

Even though there are MORE solutions in the thread, for different situations and services, you will find your specific issue as well. Maybe you should give it a try and start reading the thread? ^^


P.S.: In addition... if you don't tell anyone, then there is another hint here: Often enough, the SEARCH option leads to answers. In your case, you could use the search word "dhparam" ?!?
 
Hi UFHH01,

if one has eyes to see, he should use them, and if one is in the lucky situation to have learned reading, he should read!!
You're absolutely right! I finally managed to update the custom templates and earn a fat green "A" on SSLlabs.com.
If additionally HSTS is configured on Nginx and Apache and, in the domain webserver settings, "Smart static files processing" is deactivated, you get an A+.

Thank you very much!

Squeeze999
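
Added example, not part of any post in this thread: a local check of the DH group size a server actually presents in the handshake, which shows whether a config or template change took effect without waiting for an SSL Labs rescan. It assumes an OpenSSL 1.0.2 or newer client (which prints the `Server Temp Key` line) and a 2048-bit minimum; the function names and sample excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report the ephemeral DH size a TLS
# server really presents, so a template change can be confirmed or refuted.

# Constructed excerpts of `openssl s_client` output (not captured from a real host).
SAMPLE_WEAK='---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---'
SAMPLE_OK='---
No client certificate CA names sent
Server Temp Key: DH, 2048 bits
---'
SAMPLE_ECDH='---
No client certificate CA names sent
Server Temp Key: ECDH, P-256, 256 bits
---'

# dh_bits: stdin = s_client output; prints the DH temp key size, or nothing
# when the handshake did not use finite-field DHE.
dh_bits() {
  sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p' | head -n 1
}

# classify_dh [min_bits]: stdin = s_client output; prints "WEAK n", "OK n" or "NO_DHE".
classify_dh() {
  min=${1:-2048}   # assumed minimum: 2048 bits
  bits=$(dh_bits)
  if [ -z "$bits" ]; then
    echo "NO_DHE"
  elif [ "$bits" -lt "$min" ]; then
    echo "WEAK $bits"
  else
    echo "OK $bits"
  fi
}

# check_host host[:port] [min_bits]: live probe restricted to TLS 1.2 DHE suites.
check_host() {
  target=$1
  case $target in *:*) ;; *) target="$target:443" ;; esac
  openssl s_client -connect "$target" -servername "${target%%:*}" \
    -tls1_2 -cipher EDH </dev/null 2>/dev/null | classify_dh "${2:-2048}"
}

# Demo on the constructed samples; for a real server run: check_host example.com
for s in "$SAMPLE_WEAK" "$SAMPLE_OK" "$SAMPLE_ECDH"; do
  printf '%s\n' "$s" | classify_dh
done
```

`NO_DHE` means the handshake used no finite-field DHE suite (or failed), so run the probe against each TLS endpoint, both web and mail, after restarting the services.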
 