1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Question TLS 1.2 ok only if NGINX running

Discussion in 'Plesk 12.x for Linux' started by Pascal_Netenvie, Feb 16, 2017.

  1. Pascal_Netenvie

    Pascal_Netenvie Regular Pleskian

    12
    85%
    Joined:
    Dec 4, 2015
    Messages:
    149
    Likes Received:
    5
    Location:
    Marseille (France)
    Hello,
    I actually test https on website on a server with Plesk 12.5 and Debian 8.

    If Nginx run i get this :
    Secure Connection
    The connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).

    But if it don't run (Apache only) i get this :
    Obsolete Connection Settings
    The connection to this site uses an obsolete protocol (TLS 1.0), a strong key exchange (ECDHE_RSA with P-256), and an obsolete cipher (AES_256_CBC with HMAC-SHA1).

    How to solve that and get TLS1.2 even without NGINX ?

    Regards.
     
  2. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    As far as I remember in order to use TLSv1.2 for SSLProtocol, you need at least Apache version 2.2.23 (in addition to OpenSSL 1.0.1 or higher).
    If it is ok, define

    SSLProtocol TLSv1.2

    in Apache ssl.conf.
     
  3. Pascal_Netenvie

    Pascal_Netenvie Regular Pleskian

    12
    85%
    Joined:
    Dec 4, 2015
    Messages:
    149
    Likes Received:
    5
    Location:
    Marseille (France)
    Hi Igor,

    Thanks i will check that.
    Where is the file Apache ssl.conf. in a plesk 12+ configuration ?

    Cheers.
     
  4. Linulex

    Linulex Regular Pleskian

    33
    80%
    Joined:
    Aug 4, 2001
    Messages:
    426
    Likes Received:
    61
    Plesk doesnt install apache, debian does that. The apache config i probably somewhere in /etc

    in centos/rhel it is /etc/httpd

    in debian its /etc/apache2 if i am correct.

    https://wiki.debian.org/Apache

    regards
    Jan
     
  5. Pascal_Netenvie

    Pascal_Netenvie Regular Pleskian

    12
    85%
    Joined:
    Dec 4, 2015
    Messages:
    149
    Likes Received:
    5
    Location:
    Marseille (France)
    Hi,
    To answer everyone :

    First this server run Apache 2.2.22 so it can't run ok for TLS 1.2 ...
    And conf is in /etc/apache2/mods-enabled/ssl.conf

    Thx for help guys.
    Cheers.
     
Loading...