Dismiss Notice
Plesk Onyx 17.5 is now available for everyone and we'd love to hear your thoughts on the new Plesk version. Visit this thread for more details.

Question TLS 1.2 ok only if NGINX running

Discussion in 'Plesk 12.x for Linux' started by Pascal_Netenvie, Feb 16, 2017.

  1. Pascal_Netenvie

    Pascal_Netenvie Regular Pleskian

    11
    60%
    Messages:
    107
    Likes Received:
    2
    Trophy Points:
    132
    Location:
    Marseille (France)
    Hello,
    I actually test https on website on a server with Plesk 12.5 and Debian 8.

    If Nginx run i get this :
    Secure Connection
    The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).

    But if it don't run (Apache only) i get this :
    Obsolete Connection Settings
    The connection to this site uses an obsolete protocol (TLS 1.0), a strong key exchange (ECDHE_RSA with P-256), and an obsolete cipher (AES_256_CBC with HMAC-SHA1).

    How to solve that and get TLS1.2 even without NGINX ?

    Regards.
     
  2. IgorG

    IgorG Forums Analyst Plesk Team

    37
     
    Messages:
    22,662
    Likes Received:
    679
    Trophy Points:
    882
    Location:
    Novosibirsk, Russia
    As far as I remember in order to use TLSv1.2 for SSLProtocol, you need at least Apache version 2.2.23 (in addition to OpenSSL 1.0.1 or higher).
    If it is ok, define

    SSLProtocol TLSv1.2

    in Apache ssl.conf.
     
  3. Pascal_Netenvie

    Pascal_Netenvie Regular Pleskian

    11
    60%
    Messages:
    107
    Likes Received:
    2
    Trophy Points:
    132
    Location:
    Marseille (France)
    Hi Igor,

    Thanks i will check that.
    Where is the file Apache ssl.conf. in a plesk 12+ configuration ?

    Cheers.
     
  4. Linulex

    Linulex Regular Pleskian

    25
    40%
    Messages:
    328
    Likes Received:
    32
    Trophy Points:
    462
    Plesk doesnt install apache, debian does that. The apache config i probably somewhere in /etc

    in centos/rhel it is /etc/httpd

    in debian its /etc/apache2 if i am correct.

    https://wiki.debian.org/Apache

    regards
    Jan
     
  5. Pascal_Netenvie

    Pascal_Netenvie Regular Pleskian

    11
    60%
    Messages:
    107
    Likes Received:
    2
    Trophy Points:
    132
    Location:
    Marseille (France)
    Hi,
    To answer everyone :

    First this server run Apache 2.2.22 so it can't run ok for TLS 1.2 ...
    And conf is in /etc/apache2/mods-enabled/ssl.conf

    Thx for help guys.
    Cheers.
     
Loading...