• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

SSL SHA-256 / TLS 1.2- & HTTP/1.1

Roderic

New Pleskian
Centos 6 & Plesk 12.5 with latest updates

Hello, I've got a few clients using PayPal and they got a message from PayPal saying they need to update 2 things to keep using PayPal.

How can I upgrade the SSL Certificates to SHA-256, TLS to 1.2 and HTTP/1.1.?
And is it a good idea to upgrade TLS and HTTP to the latest version or not?

Thanks in advance :)
 
I have in the meanwhile and I've done everything that's in there. But I don't know if I'm good to go now.

This is what PayPal says:
  • Discontinue support for secure connections that require validation with the VeriSign G2 Root Certificate; only validate with the VeriSign G5 Root Certificate.
  • Use a stronger algorithm by upgrading from SHA-1 to SHA-2 (256).
Does the first point mean I just need to get another certificate? Or do I need to change something in Plesk? Bit lost on that one.. Except that I know that it is using the G2 currently.
 
What this means is your SSL certificate needs to be upgraded to 2048-bit, you can have your SSL certificates re-keyed from 1024-bit to 2048-bit by the SSL provider.
 
I'm in need of some related help. I have an A rating right now but there are some issues. SSL/TLS Server Test | High-Tech Bridge

I've used the following ssh commands to success.
# plesk bin server_pref -u -ssl-protocols 'TLSv1.1 TLSv1.2'
# plesk sbin sslmng --protocols="TLSv1.1 TLSv1.2"

I get an A rating. but no PCI compliance. When I remove the TLSv1.1, I get an A+ rating with PCI compliance but also a warning that TLSv1.1 must be active to be compliant with HIPAA guidance. So, how to enable TLSv1.1 and get an A+ rating eludes me.

I then try modifying the ciphers in this file: /etc/httpd/conf.d/ssl.conf but nothing seems to change when I do that.

SSLCipherSuite EECDH+AESGCM:EECDH+AES256:EECDH+AES128:EDH+AES:RSA+AESGCM:RSA+AES:!ECDSA:!NULL:!MD5:!DSS:!3DES
SSLHonorCipherOrder on
SSLProtocol -ALL +TLSv1.1 +TLSv1.2
<IfModule mod_ssl.c>SSLCipherSuite HIGH:!aNULL:!MD5</IfModule>


Do I have to update the following files with protocols and ciphers?
/usr/local/psa/admin/conf/templates/custom/nginxWebmailPartial.php
/usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php
/usr/local/psa/admin/conf/templates/custom/server/nginxVhosts.php

Server version: Apache/2.2.15 (Unix)
Plesk Onyx v17.5.3
CentOS 6.9

Thanks.
 
Back
Top