• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Plesk keeps reintroducing poodle vulnerability

deltatech

Regular Pleskian
You would think by now in 2017, we would have poodle figured out.

In /etc/httpd/conf/plesk.conf.d/server.conf the SSL protocols are wrong. I fix it, but it doesn't survive the next time plesk writes to that file!

WHY does plesk insist on making me vulnerable??

I have seen the warning that says....
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

But it doesn't say where else to fix this. Where is this file automatically generated from? Where can I put in the proper code?

It insists on putting this line in...
SSLProtocol -ALL +TLSv1 +SSLv3

I fix it by replacing the above with...
SSLProtocol ALL -SSLv2 -SSLv3

But it is only temporary. How can I make this permenant?
 
Back
Top