• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

Resolved Plesk keeps reintroducing poodle vulnerability

deltatech

Regular Pleskian
You would think by now in 2017, we would have poodle figured out.

In /etc/httpd/conf/plesk.conf.d/server.conf the SSL protocols are wrong. I fix it, but it doesn't survive the next time plesk writes to that file!

WHY does plesk insist on making me vulnerable??

I have seen the warning that says....
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

But it doesn't say where else to fix this. Where is this file automatically generated from? Where can I put in the proper code?

It insists on putting this line in...
SSLProtocol -ALL +TLSv1 +SSLv3

I fix it by replacing the above with...
SSLProtocol ALL -SSLv2 -SSLv3

But it is only temporary. How can I make this permenant?
 
Back
Top