• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question TLS versions and ciphers by Mozilla per domain settings

R

RobD1982

Basic Pleskian
Hello,

TLS versions and ciphers by Mozilla is system wide, not per domain.
I host 3 domains, no matter for which one I set this setting is set for all 3 domains (strange)
Also Apache/Nginx settings seems like not respected TLS/SSL settings when this option is on.

1. How to manually with editing files configure this per domain?
2. Eventually have turn it on globally but respet settings for each domain in Apache & nginx Settings -> Additional Apache directives for https...
 
my issue I thought that hosting settings:
PHP support (PHP version 7.4.23, run PHP as FPM application served by Apache )
is the same as turning off nginx for as proxy, looks like not and it's only php handle..
in my case I need to check later nginx tls/ssl directives.

Anyway treat it as suggestion to set this manually for each domain/subdomain/ service (www, mail, ftp, etc) instead of global per server.
 
ChristophRo said:
This cannot be done
You ask why? because TLS version are determined between client and server, before the connection reaches the webserver.

If you use different IP addresses for each domain/virtual-host, then you could do that, see also https://support.f5.com/csp/article/K84508595
Click to expand...

So this is always system-wide?
To be clear, certificate keys can be assigned per domains, but TLS/SSL ciphers settings are always global per IP ?
 
TSL/SSL version and ciphers are per IP/PORT combination.

So you could use different settings for domains/virtual-hosts on different ip addresses and/or ports.
Of course, the later is quite moot, as in general you are required to use port 443 anyhow.
But if you have multiple ip addresses, then you can distribute them to your domains and use different SSL settings.
 
So settings in additional nginx setting or apache directives on mod_ssl.c does not make any sense because it will not be respected.
(expect assigning different certificate keys per domains) ?

Where is this setting stored in latest Plesk? (I mean file config location)
 
You must log in or register to reply here.

Similar threads

D
Issue Can't enable TLSv1 and TLSv1.1 on Ubuntu 22.04
Replies
4
Views
7K
omniscient
O
J
Resolved WordPress Network setup on Alias -- how to add alternative domains with Lets Encrypt SSL Certs?
Replies
3
Views
2K
joell
J
M
Resolved Help request: SSL certificate seems to have trust issues. How to resolve?
Replies
4
Views
866
MHC_1
M
Hangover2
Forwarded to devs SSL It! breaks renewal and usage of Let's Encrypt wildcard certificates when subdomains are involved
2 3
Replies
48
Views
10K
gsk
gsk
D
Issue certificate of VPS host still used after SSL configuration for newly added domain
Replies
4
Views
1K
deepnpisgah
D
Back
Top