• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved SSL It! - ssl_prefer_server_ciphers off

moswak

Regular Pleskian
After Upgrade to Obsidian and activate SSL It! - TLS versions and encodings of Mozilla SSL-Labs shows only Grade B.

Plesk Onyx - nginx.conf

ssl_ciphers EECDH+AESGCM+AES128........
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /usr/local/psa/etc/dhkey.pem;

= SSL-Labs Grade A

Plesk Obsidian - nginx.conf - after SSL It! - TLS versions and encodings of Mozilla

ssl_ciphers EECDH+AESGCM+AES128........
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers off;
ssl_dhparam /usr/local/psa/etc/dhkey.pem;

= SSL-Labs Grade B

why SSL It! sets the ssl_prefer_server_cipher off?
 
Could you check the output of the following command?
Code:
plesk bin server_pref --show | grep ssl-cipher-server-order

By default it should be:
Code:
ssl-cipher-server-order:        true

If it is `false`, then probably you ran `plesk sbin pci_compliance_resolver --enable` previously.

Anyway, this is a bug in SSL It. I hope it will be fixed someday.

As a workaround you may do the following:
  1. Run:
    Code:
    plesk bin server_pref --update -ssl-cipher-server-order true
  2. Go to SSL It and click Sync now again.
 
>> Could you check the output of the following command?
output is
ssl-cipher-server-order: 1

when click sync now ssl it sets ssl_prefer_server_ciphers off

>> Anyway, this is a bug in SSL It. I hope it will be fixed someday.

i hope so.
 
output is
ssl-cipher-server-order: 1
Oh, this should be fixed in Plesk 18.0.20. It has been released today. Could you try again? The output should be `true`, not `1`.
 
Oh, this should be fixed in Plesk 18.0.20. It has been released today. Could you try again? The output should be `true`, not `1`.

Yes, after update to 18.0.20 it is fixed.
 
Back
Top