Resolved Plesk not support Forward Secrecy

[timscha]

Hello!

Right now, I'm testing a brand new installation of Plesk on Debian 9.
I did a SSL check on ssllabs and got downgraded to B because Forward Secrecy is not supported.

What I did - for every domain:

- Using nginx
- Activate SSL using the SSLit extension
- activated HSTS and OCSP Stapling
- Using modern TLS versions and ciphers by Mozilla

Maybe someone has an idea how to fix this?

Thanks

 

[IgorG]

I have A+ rating there for my domain and Plesk Obsidian and the same configs with Let'sEncrypt certificate. The difference only in OS - I have CentOS7 there.
What is the output of the following command:

$ curl -s -D- https://your.domain.tld | grep strict

?

 

[timscha]

I got this result:

strict-transport-security: max-age=15768000; includeSubDomains

Edit: I already tried this: SSL Labs checker shows that Forward Secrecy is not supported
Without any change, rank B remains unchanged.

I also did a re-check on SSLlabs, the exact message is:

This server does not support Forward Secrecy with the reference browsers. Grade capped to B.

 

[timscha]

Really interesting. I fixed it by re-running the mozilla sync. Now I got an A+