
SSL server accepts weak ciphers on port 12443

japjits

Guest
I am using CentOS with Plesk ver 10.3.1

I am trying to fix this but am unable to find any documentation or help for that

Apache with SNI support
Protocol: TCP
Port: 12443
Program: N/A
Score: 4.0
Summary:
Title: SSL server accepts weak ciphers
Impact: A remote attacker with the ability to sniff network traffic could decrypt an encrypted session.
Resolution: For Apache mod_ssl web servers, use the SSLCipherSuite directive (http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite) in the configuration file to specify strong ciphers only and disable SSLv2. For Microsoft IIS web servers, disable SSLv2 and any weak ciphers as described in Microsoft knowledge base articles 187498 (http://support.microsoft.com/kb/187498) and 245030 (http://support.microsoft.com/kb/245030). For other types of web servers, consult the web server documentation.
Risk Factor: Medium / CVSS2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:p/I:N/A:N)
 
Why do you not use the latest version of Plesk? There were a lot of security improvements.
 
weak ciphers on port 12443

I am on the latest version of Plesk 11 and I am getting this fail on PCI scans. I have done all the PCI compliance updates Plesk recommends and hardened the server top to bottom. It passes all tests EXCEPT it says port 12443 accepts weak ciphers. This port appears to be where the panel is listening.

I have modified the /usr/local/psa/admin/conf/cipher.lst file per Plesk 11 instructions and it still fails. If I try to use only ciphers that I use in the SSL conf file to mitigate BEAST and CRIME attacks, it locks up sw server. Anybody know how to get high ciphers only on port 12443?

This is preventing me from passing PCI compliance and I just can't seem to find an answer other than to dump Plesk.
 