Resolved SSL It! - ssl_prefer_server_ciphers off

[moswak]

After Upgrade to Obsidian and activate SSL It! - TLS versions and encodings of Mozilla SSL-Labs shows only Grade B.

Plesk Onyx - nginx.conf

ssl_ciphers EECDH+AESGCM+AES128........
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /usr/local/psa/etc/dhkey.pem;

= SSL-Labs Grade A

Plesk Obsidian - nginx.conf - after SSL It! - TLS versions and encodings of Mozilla

ssl_ciphers EECDH+AESGCM+AES128........
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers off;
ssl_dhparam /usr/local/psa/etc/dhkey.pem;

= SSL-Labs Grade B

why SSL It! sets the ssl_prefer_server_cipher off?

 

[AndreyZ]

Could you check the output of the following command?

plesk bin server_pref --show | grep ssl-cipher-server-order

By default it should be:

ssl-cipher-server-order:        true

If it is `false`, then probably you ran `plesk sbin pci_compliance_resolver --enable` previously.

Anyway, this is a bug in SSL It. I hope it will be fixed someday.

As a workaround you may do the following:

1. Run:
   

   plesk bin server_pref --update -ssl-cipher-server-order true

2. Go to SSL It and click Sync now again.

 

[moswak]

>> Could you check the output of the following command?
output is
ssl-cipher-server-order: 1

when click sync now ssl it sets ssl_prefer_server_ciphers off

>> Anyway, this is a bug in SSL It. I hope it will be fixed someday.

i hope so.

 

[AndreyZ]

output is
ssl-cipher-server-order: 1

Oh, this should be fixed in Plesk 18.0.20. It has been released today. Could you try again? The output should be `true`, not `1`.

 

[moswak]

Oh, this should be fixed in Plesk 18.0.20. It has been released today. Could you try again? The output should be `true`, not `1`.

Yes, after update to 18.0.20 it is fixed.