SSL SHA-256 / TLS 1.2- & HTTP/1.1

Roderic

New Pleskian
CentOS 6 & Plesk 12.5 with latest updates

Hello, I've got a few clients using PayPal and they got a message from PayPal saying they need to update 2 things to keep using PayPal.

How can I upgrade the SSL Certificates to SHA-256, TLS to 1.2 and HTTP/1.1?
And is it a good idea to upgrade TLS and HTTP to the latest version or not?

Thanks in advance :)
 
I have in the meanwhile and I've done everything that's in there. But I don't know if I'm good to go now.

This is what PayPal says:
  • Discontinue support for secure connections that require validation with the VeriSign G2 Root Certificate; only validate with the VeriSign G5 Root Certificate.
  • Use a stronger algorithm by upgrading from SHA-1 to SHA-2 (256).
Does the first point mean I just need to get another certificate? Or do I need to change something in Plesk? Bit lost on that one, except that I know that it is using the G2 currently.
 
What this means is your SSL certificate needs to be upgraded to 2048-bit. You can have your SSL certificates re-keyed from 1024-bit to 2048-bit by the SSL provider.
 
I'm in need of some related help. I have an A rating right now but there are some issues. SSL/TLS Server Test | High-Tech Bridge

I've used the following SSH commands successfully.
# plesk bin server_pref -u -ssl-protocols 'TLSv1.1 TLSv1.2'
# plesk sbin sslmng --protocols="TLSv1.1 TLSv1.2"

I get an A rating, but no PCI compliance. When I remove the TLSv1.1, I get an A+ rating with PCI compliance but also a warning that TLSv1.1 must be active to be compliant with HIPAA guidance. So, how to enable TLSv1.1 and get an A+ rating eludes me.

I then try modifying the ciphers in this file: /etc/httpd/conf.d/ssl.conf but nothing seems to change when I do that.

SSLCipherSuite EECDH+AESGCM:EECDH+AES256:EECDH+AES128:EDH+AES:RSA+AESGCM:RSA+AES:!ECDSA:!NULL:!MD5:!DSS:!3DES
SSLHonorCipherOrder on
SSLProtocol -ALL +TLSv1.1 +TLSv1.2
<IfModule mod_ssl.c>
SSLCipherSuite HIGH:!aNULL:!MD5
</IfModule>


Do I have to update the following files with protocols and ciphers?
/usr/local/psa/admin/conf/templates/custom/nginxWebmailPartial.php
/usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php
/usr/local/psa/admin/conf/templates/custom/server/nginxVhosts.php

Server version: Apache/2.2.15 (Unix)
Plesk Onyx v17.5.3
CentOS 6.9

Thanks.
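
The following is an added example, not written by any poster in this thread and not part of Plesk's tooling. It lists every SSLProtocol and SSLCipherSuite directive in an Apache config text, evaluates the protocol tokens left to right as mod_ssl does, and flags a cipher suite that is set more than once, as in the snippet quoted above. The sample config is constructed from the quoted lines; the function names, the expansion of "all", and the expected set TLSv1.1/TLSv1.2 (taken from the plesk commands in the post) are assumptions.

```python
import re

# Constructed sample: the directives quoted in the post, placed in one file.
SAMPLE_CONF = """\
SSLCipherSuite EECDH+AESGCM:EECDH+AES256:EECDH+AES128:EDH+AES:RSA+AESGCM:RSA+AES:!ECDSA:!NULL:!MD5:!DSS:!3DES
SSLHonorCipherOrder on
SSLProtocol -ALL +TLSv1.1 +TLSv1.2
<IfModule mod_ssl.c>
SSLCipherSuite HIGH:!aNULL:!MD5
</IfModule>
"""
# Assumption: what "all" expands to depends on the Apache/OpenSSL build.
KNOWN = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
DIRECTIVE = re.compile(r"\b(SSLProtocol|SSLCipherSuite)\s+([^<\n]+)", re.I)

def find_directives(conf_text):
    """Return (line_no, lowercased name, value) for each directive, in file order."""
    return [(no, m.group(1).lower(), m.group(2).strip())
            for no, line in enumerate(conf_text.splitlines(), 1)
            if not line.lstrip().startswith("#")
            for m in DIRECTIVE.finditer(line)]

def enabled_protocols(value):
    """Evaluate SSLProtocol tokens left to right: +X adds, -X removes, bare X resets."""
    enabled = set()
    for token in value.split():
        action, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        group = {p for p in KNOWN if name.lower() in ("all", p.lower())}
        if not group:
            raise ValueError(f"unknown protocol {name!r}")
        if action == "+":
            enabled |= group
        elif action == "-":
            enabled -= group
        else:
            enabled = group
    return enabled

def audit(conf_text, wanted=frozenset({"TLSv1.1", "TLSv1.2"})):
    """Flag SSLProtocol lines that differ from `wanted` and repeated SSLCipherSuite."""
    found = find_directives(conf_text)
    out = [f"line {no}: SSLProtocol enables {sorted(enabled_protocols(v))}"
           for no, name, v in found
           if name == "sslprotocol" and enabled_protocols(v) != wanted]
    cipher_lines = [no for no, name, _ in found if name == "sslciphersuite"]
    if len(cipher_lines) > 1:
        out.append(f"SSLCipherSuite set on lines {cipher_lines}; check which one the server uses")
    return out
```

Calling `audit(open(path).read())` on a config file returns a list of findings; an empty list means one cipher suite definition at most and the expected protocol set.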
 