• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

SSL server accepts weak ciphers on port 12443

J

japjits

Guest
i am using centos with pleask ver 10.3.1

i am trying to fix this but unable to find any document or help for that

apache with sni support
Protocol Port Program Score Summary

TCP 12443 N/A 4.0 Title: SSL server accepts weak ciphers Impact: A remote attacker with the ability to sniff network traffic could decrypt an encrypted session. Resolution: For Apache mod_ssl web servers, use the [http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite] SSLCipherSuite directive in the configuration file to specify strong ciphers only and disable SSLv2. For Microsoft IIS web servers, disable SSLv2 and any weak ciphers as described in Microsoft knowledge base articles [http://support.microsoft.com/kb/187498] 187498 and [http://support.microsoft.com/kb/245030] 245030. For other types of web servers, consult the web server documentation. Risk Factor: Medium/ CVSS2 Base Score: 4.0 (AV:N/AC:H/Au:N/C:p/I:N/A:N)
 
Why you do not use latest version of Plesk? There were a lot of security improvements.
 
weak ciphers on port 12443

I am on the latest version of Plesk 11 and I am getting this fail on pci scans. I have done all the pci compliance updates plesk recommends and hardened the server top to bottom. It passes all tests EXCEPT it says port 12443 accepts weak ciphers. This port appears to be where the panel is listening.

I have modified the /usr/local/psa/admin/conf/cipher.lst file per Plesk 11 instructions and it still fails. If I try to use only ciphers that I use in the ssl conf file to mitigate BEAST and CRIME attacks, it locks up sw server. Anybody know how to get high ciphers only on port 12443?

This is preventing me from passing PCI compliance and I just can't seem to find an answer other than to dump Plesk.
 
Back
Top