• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • Our UX team believes in the in the power of direct feedback and would like to invite you to participate in interviews, tests, and surveys.
    To stay in the loop and never miss an opportunity to share your thoughts, please subscribe to our UX research program. If you were previously part of the Plesk UX research program, please re-subscribe to continue receiving our invitations.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Resolved SSL It! - ssl_prefer_server_ciphers off

M

moswak

Regular Pleskian
After Upgrade to Obsidian and activate SSL It! - TLS versions and encodings of Mozilla SSL-Labs shows only Grade B.

Plesk Onyx - nginx.conf

ssl_ciphers EECDH+AESGCM+AES128........
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /usr/local/psa/etc/dhkey.pem;

= SSL-Labs Grade A

Plesk Obsidian - nginx.conf - after SSL It! - TLS versions and encodings of Mozilla

ssl_ciphers EECDH+AESGCM+AES128........
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers off;
ssl_dhparam /usr/local/psa/etc/dhkey.pem;

= SSL-Labs Grade B

why SSL It! sets the ssl_prefer_server_cipher off?
 
Could you check the output of the following command?
Code: 
plesk bin server_pref --show | grep ssl-cipher-server-order

By default it should be:
Code: 
ssl-cipher-server-order:        true

If it is `false`, then probably you ran `plesk sbin pci_compliance_resolver --enable` previously.

Anyway, this is a bug in SSL It. I hope it will be fixed someday.

As a workaround you may do the following:
  1. Run:
    Code: 
    plesk bin server_pref --update -ssl-cipher-server-order true
  2. Go to SSL It and click Sync now again.
 
>> Could you check the output of the following command?
output is
ssl-cipher-server-order: 1

when click sync now ssl it sets ssl_prefer_server_ciphers off

>> Anyway, this is a bug in SSL It. I hope it will be fixed someday.

i hope so.
 
output is
ssl-cipher-server-order: 1
Click to expand...
Oh, this should be fixed in Plesk 18.0.20. It has been released today. Could you try again? The output should be `true`, not `1`.
 
Oh, this should be fixed in Plesk 18.0.20. It has been released today. Could you try again? The output should be `true`, not `1`.
Click to expand...

Yes, after update to 18.0.20 it is fixed.
 
You must log in or register to reply here.

Similar threads

J
Issue DEBIAN 12 OPENSSL 3.0 DOVECOT does not allow login
Replies
1
Views
1K
Yaroslav_T
Yaroslav_T
Kulturmensch
Resolved TLS versions for nginx
Replies
2
Views
626
Kulturmensch
Kulturmensch
Heinrich
Issue node.js configuration in PLESK Obsidian 18.0.67 Update Nr. 3
Replies
0
Views
177
Heinrich
Heinrich
A
Issue FTP - Insecure server, it does not support FTP over TLS.
Replies
3
Views
590
Alban Staehli
A
Polli
Issue Getting DANE working
2
Replies
33
Views
3K
Polli
Polli
Back
Top