• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

SLCipherSuite and SSL protocol should be better.

J

JLChafardet

Regular Pleskian
Would be good to see, a better implementation of SSL for plesk ssl, if any of us wants to apply to PCI compliance, every single scanner i have tested, complains about:

Weak Supported Ssl Ciphers Suites


Also there are loads of complains about SSL protocol detection.

SSL Protocol Version 2 Detection


the solutions sugested, at the very least by McAfee Secure is:

Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. Consult your documentation to identify how to reconfigure the affected application to avoid use of weak ciphers.

if possible, would be very nice to be able to have this fixed, so if we want to apply for PCI compliance, we can meet the market demands.
 
Hello JLChafardet,

Yep, it well known and documented issue. However unfortunately we cannot force to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 for all our client because they have a business and such "fix" will breaks their business, sorry.
 
:)

yeah i know that, but it should be at the very least, a good option to offer it, on setup or to allow the configuration options.

if we can do that from plesk, would ease a lot of work on some admins.

as you stated, some business cannot upgrade, and fixing would cause them a problem, but there are another huge bunch of ppl, who could get benefits if this is implemented.
 
sergius said:
Hello JLChafardet,

Yep, it well known and documented issue. However unfortunately we cannot force to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 for all our client because they have a business and such "fix" will breaks their business, sorry.
Click to expand...

Can you elaborate please? A Google search on "SSL Protocol Version 2 Detection" (which is McAfee's name for the "vulnerability") comes back with two hits. Two.

What breaks if you disable SSL 2.0? A few examples would really be great. We've got some angry clients who paid a lot of money for this McAfee service and want fixes for the alerts they are getting. At the very least I need some good arguments to counter this. Your help would be appreciated.

Thank you...
 
Thanks a lot i dont have clients with it, its myself who has it, and yes, i want to know what does it breaks, to see if i can switch or not. we dont host ssl domains atm (only my domain) so if i need to recreate the cert (starcom ssl cert) ill recreate it if needed.

also the Weak Supported Ssl Ciphers Suites are shown on other ports as well. 443, 465, 993, 995 and 8443 show this vulnerability.
 
Gentlemen,

I'm unsure I should share on forum information about services which use SSL 2.0 instead SSL 3.0.
 
Hi
i am facing the same problem from McAfee. can some body send me information how to solve this issue.
 
You must log in or register to reply here.

Similar threads

S
Issue TLS1.2 Weak Cipher Suites SSL Labs
Replies
9
Views
6K
blueberry
blueberry
Mark12345
Issue A+ SSL/TLS Test - PCI Compliance - Ciphers - Oh My
Replies
8
Views
4K
Mark12345
Mark12345
M
Issue This server accepts RC4 cipher, but only with older protocol versions
Replies
7
Views
5K
maniot
M
Dukemaster
Input PLESK reaches the stars with only Nginx + HSTS (390%)
Replies
1
Views
2K
mr-wolf
M
V
HTTP/2 – Does it improve site performance?
Replies
0
Views
2K
viktor
V
Back
Top