Facebook
Twitter-
We value your experience with Plesk during 2024
Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
Please take this short survey:
https://pt-research.typeform.com/to/AmZvSXkx -
The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
-
We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.
TLS 1.2
- Thread starter Madness
- Start date
Yep "yum update openssl" Im Using xenforo and in the control panel its displaying that message above, apparently it only displays if your not using 1.2.
@Madness,
Just install the appropriate OpenSSL package manually, a nice procedure has been given in: https://talk.plesk.com/threads/important-exploit-in-sslv2-update-openssl.337191/#post-797678
After installing the OpenSSL 1.0.1s version, you should still run the command: plesk sbin pci_compliance_resolver --enable <service>
This command will not only allow TLS 1.2, but also disallow all vulnerable SSL connections (read: securing your server according to PCI compliance settings).
Note that, if you decide to apply PCI compliant settings to all services, you can simple use the "--enable flag" alone (without a service name behind it), in which case ProFtpd will also be made PCI compliant, which on it´s turn requires that you enable passive ports (just add a file called custom.conf to /etc/proftpd.d directory and add to the content the line "ServerIdent Off" and the line "PassivePorts <start port range> <end port range>", with some custom port range).
Hope the above helps a bit.
If you have questions, just let me know.
Regards......
Just install the appropriate OpenSSL package manually, a nice procedure has been given in: https://talk.plesk.com/threads/important-exploit-in-sslv2-update-openssl.337191/#post-797678
After installing the OpenSSL 1.0.1s version, you should still run the command: plesk sbin pci_compliance_resolver --enable <service>
This command will not only allow TLS 1.2, but also disallow all vulnerable SSL connections (read: securing your server according to PCI compliance settings).
Note that, if you decide to apply PCI compliant settings to all services, you can simple use the "--enable flag" alone (without a service name behind it), in which case ProFtpd will also be made PCI compliant, which on it´s turn requires that you enable passive ports (just add a file called custom.conf to /etc/proftpd.d directory and add to the content the line "ServerIdent Off" and the line "PassivePorts <start port range> <end port range>", with some custom port range).
Hope the above helps a bit.
If you have questions, just let me know.
Regards......
Ive updated manually from this tut https://talk.plesk.com/threads/important-exploit-in-sslv2-update-openssl.337191/#post-797678
Result:
openssl version
OpenSSL 1.0.1s 1 Mar 2016
but if i run this rpm -q openssl
I get openssl-1.0.1e-42.el6_7.4.x86_64
phpinfo.php also says
OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL Header Version OpenSSL 1.0.1e-fips 11 Feb 2013
websavers
Regular Pleskian
I could be wrong about this, but I think those detection systems are checking for your raw version of OpenSSL, assuming it won't work, and not actually confirming TLS1.2 connectivity. From what I've read, it's been baked into OpenSSL versions in Redhat/CentOS systems for at least a year now. The only reason it wouldn't be obvious is because Redhat/CentOS adds essential features and security fixes by backporting them into the original system installed version number, rather than installing the new version.
