• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.

Question Security audit mentions SSL Session Resumption being enabled, can't find this setting

S

Silvh

New Pleskian
Server operating system version
CentOS Linux 7.9.2009 (Core)
Plesk version and microupdate number
18.0.51
Hello everyone!

Recently we've asked a security auditing company to audit our systems and one particular point on this list has us stumped:

SSL Session resumption is enabled, Urgency: High

I've tried to find anything regarding this in the documentation and boards, yet am unable to find much beyond a post asking to enable it with no response.
Is this a configuration setting that can be enabled/disabled anywhere? I can't find it in the SSLIt configuration, nor anywhere in the Mozilla json files that it uses for configuration.

Am I missing something?
And would disabling this cause any problems outside of sessions not being restored when a user closes their browser and re-opens it?

Thank you for your time in advance!
 
You must log in or register to reply here.

Similar threads

J
HOW TO SET UP YOUR ONLINE STORE WITH WOOCOMMERCE
Replies
1
Views
6K
alex paul
alex paul
I
Unable to disable SSL v2 and v3 in Postfix & Courier
Replies
15
Views
17K
iainh
I
Back
Top