• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Resolved SSL It! - ssl_prefer_server_ciphers off

moswak

Regular Pleskian
After Upgrade to Obsidian and activate SSL It! - TLS versions and encodings of Mozilla SSL-Labs shows only Grade B.

Plesk Onyx - nginx.conf

ssl_ciphers EECDH+AESGCM+AES128........
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /usr/local/psa/etc/dhkey.pem;

= SSL-Labs Grade A

Plesk Obsidian - nginx.conf - after SSL It! - TLS versions and encodings of Mozilla

ssl_ciphers EECDH+AESGCM+AES128........
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers off;
ssl_dhparam /usr/local/psa/etc/dhkey.pem;

= SSL-Labs Grade B

why SSL It! sets the ssl_prefer_server_cipher off?
 
Could you check the output of the following command?
Code:
plesk bin server_pref --show | grep ssl-cipher-server-order

By default it should be:
Code:
ssl-cipher-server-order:        true

If it is `false`, then probably you ran `plesk sbin pci_compliance_resolver --enable` previously.

Anyway, this is a bug in SSL It. I hope it will be fixed someday.

As a workaround you may do the following:
  1. Run:
    Code:
    plesk bin server_pref --update -ssl-cipher-server-order true
  2. Go to SSL It and click Sync now again.
 
>> Could you check the output of the following command?
output is
ssl-cipher-server-order: 1

when click sync now ssl it sets ssl_prefer_server_ciphers off

>> Anyway, this is a bug in SSL It. I hope it will be fixed someday.

i hope so.
 
output is
ssl-cipher-server-order: 1
Oh, this should be fixed in Plesk 18.0.20. It has been released today. Could you try again? The output should be `true`, not `1`.
 
Oh, this should be fixed in Plesk 18.0.20. It has been released today. Could you try again? The output should be `true`, not `1`.

Yes, after update to 18.0.20 it is fixed.
 
Back
Top