Facebook
TwitterYou would think by now in 2017, we would have poodle figured out.
In /etc/httpd/conf/plesk.conf.d/server.conf the SSL protocols are wrong. I fix it, but it doesn't survive the next time plesk writes to that file!
WHY does plesk insist on making me vulnerable??
I have seen the warning that says....
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
But it doesn't say where else to fix this. Where is this file automatically generated from? Where can I put in the proper code?
It insists on putting this line in...
SSLProtocol -ALL +TLSv1 +SSLv3
I fix it by replacing the above with...
SSLProtocol ALL -SSLv2 -SSLv3
But it is only temporary. How can I make this permenant?
In /etc/httpd/conf/plesk.conf.d/server.conf the SSL protocols are wrong. I fix it, but it doesn't survive the next time plesk writes to that file!
WHY does plesk insist on making me vulnerable??
I have seen the warning that says....
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
But it doesn't say where else to fix this. Where is this file automatically generated from? Where can I put in the proper code?
It insists on putting this line in...
SSLProtocol -ALL +TLSv1 +SSLv3
I fix it by replacing the above with...
SSLProtocol ALL -SSLv2 -SSLv3
But it is only temporary. How can I make this permenant?
