Please look at this KB article - http://kb.odin.com/en/123160Will Parallels be releasing an official patch / micro update for this issue, or do we all need to perform the edits as described here?
Please look at this KB article - http://kb.odin.com/en/123160Will Parallels be releasing an official patch / micro update for this issue, or do we all need to perform the edits as described here?
This article says:Please look at this KB article - http://kb.odin.com/en/123160
But it doesn't say where to find the configuration file (since the article applies to both Linux and Windows, I presume).If you're running Apache, include the following line in your configuration among the other SSL directives:
Find it here - http://kb.odin.com/en/111283Where do I find the config file for Apache under Linux?
I found it. It's under /etc/apache2/mods-available/ssl.confFind it here - http://kb.odin.com/en/111283
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
/etc/init.d/sw-cp-server restart
I would also appreciate a little more clarity on implementing this fix, including locations of all the relevant files, so we can be sure that config rebuilds or micro-updates don't overwrite the changes. Also, clarification on how to ensure that Plesk Panel itself is "fixed".IgorG, in http://kb.odin.com/en/123160 there is no information about securing the Plesk Web Server itself. Why?
I patched it by adding
to the /etc/sw-cp-server/conf.d/plesk.conf file and restarting the Plesk Web Server afterwards:Code:ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Is this correct?Code:/etc/init.d/sw-cp-server restart
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
sudo service sw-cp-server restart
echo 'ssl.engine = "enable"'
echo 'ssl.use-sslv2 = "disable"'`
echo 'ssl.use-sslv3 = "disable"'
sudo service sw-cp-server restart
Will Parallels be releasing an official patch / micro update for this issue, or do we all need to perform the edits as described here?
Please look at this KB article - http://kb.odin.com/en/123160
There may be a problem with the mail server or network. Verify the settings for account or try again. The server returned the error: The connection to the server “www.domain.com” on port 993 timed out.
Oct 18 07:51:02 hostname courier-pop3s: couriertls: accept: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Oct 18 07:51:12 hostname courier-imaps: couriertls: connect: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
After applying the recommend changes to Courier IMAP/POP files users who access mail via SSL are unable to connect to the server - the following errors occur in the mail client:
Code:There may be a problem with the mail server or network. Verify the settings for account or try again. The server returned the error: The connection to the server “www.domain.com” on port 993 timed out.
The server shows these errors in the maillog file:
Code:Oct 18 07:51:02 hostname courier-pop3s: couriertls: accept: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher Oct 18 07:51:12 hostname courier-imaps: couriertls: connect: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Has anyone else seen this and do you know how to fix this?
Igor, can we expect to see an upcoming MU to address this in the near future? If it's just a few days away (or in an upcoming MU) it would be great to know.
Which e-mail client and version is being used?