• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

SLCipherSuite and SSL protocol should be better.

J

JLChafardet

Regular Pleskian
Would be good to see, a better implementation of SSL for plesk ssl, if any of us wants to apply to PCI compliance, every single scanner i have tested, complains about:

Weak Supported Ssl Ciphers Suites


Also there are loads of complains about SSL protocol detection.

SSL Protocol Version 2 Detection


the solutions sugested, at the very least by McAfee Secure is:

Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. Consult your documentation to identify how to reconfigure the affected application to avoid use of weak ciphers.

if possible, would be very nice to be able to have this fixed, so if we want to apply for PCI compliance, we can meet the market demands.
 
Hello JLChafardet,

Yep, it well known and documented issue. However unfortunately we cannot force to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 for all our client because they have a business and such "fix" will breaks their business, sorry.
 
:)

yeah i know that, but it should be at the very least, a good option to offer it, on setup or to allow the configuration options.

if we can do that from plesk, would ease a lot of work on some admins.

as you stated, some business cannot upgrade, and fixing would cause them a problem, but there are another huge bunch of ppl, who could get benefits if this is implemented.
 
sergius said:
Hello JLChafardet,

Yep, it well known and documented issue. However unfortunately we cannot force to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 for all our client because they have a business and such "fix" will breaks their business, sorry.
Click to expand...

Can you elaborate please? A Google search on "SSL Protocol Version 2 Detection" (which is McAfee's name for the "vulnerability") comes back with two hits. Two.

What breaks if you disable SSL 2.0? A few examples would really be great. We've got some angry clients who paid a lot of money for this McAfee service and want fixes for the alerts they are getting. At the very least I need some good arguments to counter this. Your help would be appreciated.

Thank you...
 
Thanks a lot i dont have clients with it, its myself who has it, and yes, i want to know what does it breaks, to see if i can switch or not. we dont host ssl domains atm (only my domain) so if i need to recreate the cert (starcom ssl cert) ill recreate it if needed.

also the Weak Supported Ssl Ciphers Suites are shown on other ports as well. 443, 465, 993, 995 and 8443 show this vulnerability.
 
Gentlemen,

I'm unsure I should share on forum information about services which use SSL 2.0 instead SSL 3.0.
 
Hi
i am facing the same problem from McAfee. can some body send me information how to solve this issue.
 
You must log in or register to reply here.

Similar threads

S
Issue TLS1.2 Weak Cipher Suites SSL Labs
Replies
9
Views
5K
blueberry
blueberry
Automata
  • Poll
Input FEATURE REQUEST: Add SSH2 extension to PHP default extensions to improve security.
Replies
2
Views
2K
Automata
Automata
Mark12345
Issue A+ SSL/TLS Test - PCI Compliance - Ciphers - Oh My
Replies
8
Views
3K
Mark12345
Mark12345
M
Issue This server accepts RC4 cipher, but only with older protocol versions
Replies
7
Views
4K
maniot
M
Dukemaster
Input PLESK reaches the stars with only Nginx + HSTS (390%)
Replies
1
Views
2K
mr-wolf
M
Back
Top