SSL SHA-256 / TLS 1.2- & HTTP/1.1

Roderic

New Pleskian
CentOS 6 & Plesk 12.5 with latest updates

Hello, I've got a few clients using PayPal and they got a message from PayPal saying they need to update 2 things to keep using PayPal.

How can I upgrade the SSL certificates to SHA-256, TLS to 1.2 and HTTP to 1.1?
And is it a good idea to upgrade TLS and HTTP to the latest version or not?

Thanks in advance :)
 
I have in the meanwhile and I've done everything that's in there. But I don't know if I'm good to go now.

This is what PayPal says:
  • Discontinue support for secure connections that require validation with the VeriSign G2 Root Certificate; only validate with the VeriSign G5 Root Certificate.
  • Use a stronger algorithm by upgrading from SHA-1 to SHA-2 (256).
Does the first point mean I just need to get another certificate? Or do I need to change something in Plesk? Bit lost on that one, except that I know that it is using the G2 currently.
 
What this means is your SSL certificate needs to be upgraded to 2048-bit. You can have your SSL certificates re-keyed from 1024-bit to 2048-bit by the SSL provider.
 
I'm in need of some related help. I have an A rating right now but there are some issues. SSL/TLS Server Test | High-Tech Bridge

I've used the following ssh commands successfully.
# plesk bin server_pref -u -ssl-protocols 'TLSv1.1 TLSv1.2'
# plesk sbin sslmng --protocols="TLSv1.1 TLSv1.2"

I get an A rating, but no PCI compliance. When I remove the TLSv1.1, I get an A+ rating with PCI compliance but also a warning that TLSv1.1 must be active to be compliant with HIPAA guidance. So, how to enable TLSv1.1 and get an A+ rating eludes me.

I then try modifying the ciphers in this file: /etc/httpd/conf.d/ssl.conf but nothing seems to change when I do that.

SSLCipherSuite EECDH+AESGCM:EECDH+AES256:EECDH+AES128:EDH+AES:RSA+AESGCM:RSA+AES:!ECDSA:!NULL:!MD5:!DSS:!3DES
SSLHonorCipherOrder on
SSLProtocol -ALL +TLSv1.1 +TLSv1.2
<IfModule mod_ssl.c>
SSLCipherSuite HIGH:!aNULL:!MD5
</IfModule>


Do I have to update the following files with protocols and ciphers?
/usr/local/psa/admin/conf/templates/custom/nginxWebmailPartial.php
/usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php
/usr/local/psa/admin/conf/templates/custom/server/nginxVhosts.php

Server version: Apache/2.2.15 (Unix)
Plesk Onyx v17.5.3
CentOS 6.9

Thanks.
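
The directives quoted in the post above set SSLCipherSuite twice. As an added example (not from the thread, and not Plesk or Apache tooling), this script works out which protocol set and cipher string take effect inside a single config context; the function names `effective_ssl` and `sample_conf` and the protocol list are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread. Simplifications (assumptions): container
# scoping (<VirtualHost>, <IfModule>) and Include files are ignored, and "all"
# is taken to mean the four protocol names listed in the BEGIN block below.

# effective_ssl [FILE]: evaluate SSLProtocol / SSLCipherSuite the way a single
# config context does: a repeated directive replaces the earlier one.
effective_ssl() {
  awk '
    BEGIN { nall = split("SSLv3 TLSv1 TLSv1.1 TLSv1.2", names, " ") }
    { sub(/^[ \t]+/, "") }                      # drop indentation
    /^#/ || /^$/ { next }                       # skip comments and blank lines
    tolower($1) == "sslciphersuite" { cipher = $2; ncipher++ }
    tolower($1) == "sslprotocol" {
      nproto++
      split("", enabled)                        # each directive starts from none
      for (i = 2; i <= NF; i++) {
        tok = $i; act = substr(tok, 1, 1)
        if (act == "+" || act == "-") tok = substr(tok, 2)
        else { act = "="; split("", enabled) }  # bare name replaces the set
        for (j = 1; j <= nall; j++)
          if (tolower(tok) == "all" || tolower(tok) == tolower(names[j]))
            enabled[names[j]] = (act != "-")
      }
    }
    END {
      for (j = 1; j <= nall; j++)
        if (enabled[names[j]]) out = out (out == "" ? "" : " ") names[j]
      printf "protocols=%s (SSLProtocol lines: %d)\n", out, nproto
      printf "ciphers=%s (SSLCipherSuite lines: %d)\n", cipher, ncipher
      if (ncipher > 1) print "warning: earlier SSLCipherSuite lines are overridden"
    }' "$@"
}

# Constructed sample modelled on the directives quoted in the post above.
sample_conf() {
  cat <<'EOF'
SSLCipherSuite EECDH+AESGCM:EECDH+AES256:EECDH+AES128:EDH+AES:RSA+AESGCM:RSA+AES:!ECDSA:!NULL:!MD5:!DSS:!3DES
SSLHonorCipherOrder on
SSLProtocol -ALL +TLSv1.1 +TLSv1.2
<IfModule mod_ssl.c>
  SSLCipherSuite HIGH:!aNULL:!MD5
</IfModule>
EOF
}

sample_conf | effective_ssl
```

On the sample, the reported cipher string is the second, shorter one, so edits to the first line have no visible effect on a scan.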
 