• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved SSL It! - ssl_prefer_server_ciphers off

M

moswak

Regular Pleskian
After Upgrade to Obsidian and activate SSL It! - TLS versions and encodings of Mozilla SSL-Labs shows only Grade B.

Plesk Onyx - nginx.conf

ssl_ciphers EECDH+AESGCM+AES128........
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /usr/local/psa/etc/dhkey.pem;

= SSL-Labs Grade A

Plesk Obsidian - nginx.conf - after SSL It! - TLS versions and encodings of Mozilla

ssl_ciphers EECDH+AESGCM+AES128........
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers off;
ssl_dhparam /usr/local/psa/etc/dhkey.pem;

= SSL-Labs Grade B

why SSL It! sets the ssl_prefer_server_cipher off?
 
Could you check the output of the following command?
Code: 
plesk bin server_pref --show | grep ssl-cipher-server-order

By default it should be:
Code: 
ssl-cipher-server-order:        true

If it is `false`, then probably you ran `plesk sbin pci_compliance_resolver --enable` previously.

Anyway, this is a bug in SSL It. I hope it will be fixed someday.

As a workaround you may do the following:
  1. Run:
    Code: 
    plesk bin server_pref --update -ssl-cipher-server-order true
  2. Go to SSL It and click Sync now again.
 
>> Could you check the output of the following command?
output is
ssl-cipher-server-order: 1

when click sync now ssl it sets ssl_prefer_server_ciphers off

>> Anyway, this is a bug in SSL It. I hope it will be fixed someday.

i hope so.
 
output is
ssl-cipher-server-order: 1
Click to expand...
Oh, this should be fixed in Plesk 18.0.20. It has been released today. Could you try again? The output should be `true`, not `1`.
 
Oh, this should be fixed in Plesk 18.0.20. It has been released today. Could you try again? The output should be `true`, not `1`.
Click to expand...

Yes, after update to 18.0.20 it is fixed.
 
You must log in or register to reply here.

Similar threads

J
Issue DEBIAN 12 OPENSSL 3.0 DOVECOT does not allow login
Replies
1
Views
1K
Yaroslav_T
Yaroslav_T
Jürgen_T
Resolved TLS versions for nginx
Replies
2
Views
701
Jürgen_T
Jürgen_T
Heinrich
Resolved node.js configuration in PLESK Obsidian 18.0.67 Update Nr. 3
Replies
3
Views
436
alvarezcruz
alvarezcruz
A
Issue FTP - Insecure server, it does not support FTP over TLS.
Replies
3
Views
723
Alban Staehli
A
Polli
Issue Getting DANE working
2
Replies
33
Views
4K
Polli
Polli
Back
Top