• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Resolved Plesk keeps reintroducing poodle vulnerability

deltatech

Regular Pleskian
You would think by now in 2017, we would have poodle figured out.

In /etc/httpd/conf/plesk.conf.d/server.conf the SSL protocols are wrong. I fix it, but it doesn't survive the next time plesk writes to that file!

WHY does plesk insist on making me vulnerable??

I have seen the warning that says....
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

But it doesn't say where else to fix this. Where is this file automatically generated from? Where can I put in the proper code?

It insists on putting this line in...
SSLProtocol -ALL +TLSv1 +SSLv3

I fix it by replacing the above with...
SSLProtocol ALL -SSLv2 -SSLv3

But it is only temporary. How can I make this permenant?
 
Back
Top