Question TLS 1.2 ok only if NGINX running

Discussion in 'Plesk 12.x for Linux' started by Pascal_Netenvie, Feb 16, 2017.

  1. Pascal_Netenvie

    Pascal_Netenvie Regular Pleskian

    11
    60%
    Joined:
    Dec 4, 2015
    Messages:
    112
    Likes Received:
    2
    Location:
    Marseille (France)
    Hello,
    I actually test https on website on a server with Plesk 12.5 and Debian 8.

    If Nginx run i get this :
    Secure Connection
    The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).

    But if it don't run (Apache only) i get this :
    Obsolete Connection Settings
    The connection to this site uses an obsolete protocol (TLS 1.0), a strong key exchange (ECDHE_RSA with P-256), and an obsolete cipher (AES_256_CBC with HMAC-SHA1).

    How to solve that and get TLS1.2 even without NGINX ?

    Regards.
     
  2. IgorG

    IgorG Forums Analyst Plesk Team

    43
    84%
    Joined:
    Oct 27, 2009
    Messages:
    22,951
    Likes Received:
    762
    Location:
    Novosibirsk, Russia
    As far as I remember in order to use TLSv1.2 for SSLProtocol, you need at least Apache version 2.2.23 (in addition to OpenSSL 1.0.1 or higher).
    If it is ok, define

    SSLProtocol TLSv1.2

    in Apache ssl.conf.
     
  3. Pascal_Netenvie

    Pascal_Netenvie Regular Pleskian

    11
    60%
    Joined:
    Dec 4, 2015
    Messages:
    112
    Likes Received:
    2
    Location:
    Marseille (France)
    Hi Igor,

    Thanks i will check that.
    Where is the file Apache ssl.conf. in a plesk 12+ configuration ?

    Cheers.
     
  4. Linulex

    Linulex Regular Pleskian

    33
     
    Joined:
    Aug 4, 2001
    Messages:
    358
    Likes Received:
    37
    Plesk doesnt install apache, debian does that. The apache config i probably somewhere in /etc

    in centos/rhel it is /etc/httpd

    in debian its /etc/apache2 if i am correct.

    https://wiki.debian.org/Apache

    regards
    Jan
     
  5. Pascal_Netenvie

    Pascal_Netenvie Regular Pleskian

    11
    60%
    Joined:
    Dec 4, 2015
    Messages:
    112
    Likes Received:
    2
    Location:
    Marseille (France)
    Hi,
    To answer everyone :

    First this server run Apache 2.2.22 so it can't run ok for TLS 1.2 ...
    And conf is in /etc/apache2/mods-enabled/ssl.conf

    Thx for help guys.
    Cheers.
     
Loading...