
Question TLS versions and ciphers by Mozilla per domain settings

RobD1982

Basic Pleskian
Hello,

"TLS versions and ciphers by Mozilla" is system-wide, not per domain.
I host 3 domains; no matter which one I set this for, the setting is applied to all 3 domains (strange).
Also, it seems the TLS/SSL settings in the Apache/nginx settings are not respected when this option is on.

1. How can I configure this per domain manually by editing files?
2. Alternatively, can I have it turned on globally but respect the settings for each domain in Apache & nginx Settings -> Additional Apache directives for https...
 
My issue: I thought that the hosting setting
PHP support (PHP version 7.4.23, run PHP as FPM application served by Apache)
is the same as turning off nginx as a proxy. It looks like it is not, and it is only the PHP handler.
In my case I need to check the nginx TLS/SSL directives later.

Anyway, treat it as a suggestion to allow setting this manually for each domain/subdomain/service (www, mail, ftp, etc.) instead of globally per server.
 
This cannot be done.
You ask why? Because TLS versions are determined between client and server, before the connection reaches the webserver.

If you use different IP addresses for each domain/virtual-host, then you could do that, see also https://support.f5.com/csp/article/K84508595

So this is always system-wide?
To be clear, certificate keys can be assigned per domain, but TLS/SSL cipher settings are always global per IP?
 
TLS/SSL versions and ciphers are per IP/PORT combination.

So you could use different settings for domains/virtual-hosts on different IP addresses and/or ports.
Of course, the latter is quite moot, as in general you are required to use port 443 anyhow.
But if you have multiple IP addresses, then you can distribute them to your domains and use different SSL settings.
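
Taking the reply above at its word (TLS/SSL versions and ciphers apply per IP/port combination), this added example, which is not part of the thread and not Plesk's own code, scans nginx-style configuration text for virtual hosts that share one listen address yet declare different `ssl_protocols`, the case where per-domain values cannot all be in effect under that rule. The configuration, IP addresses and domain names are constructed, and the helper names are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample: documentation IPs and made-up domains, not a real server.
SAMPLE_CONF = """
server {
    listen 192.0.2.10:443 ssl;
    server_name a.example;
    ssl_protocols TLSv1.2 TLSv1.3;
}
server {
    listen 192.0.2.10:443 ssl;
    server_name b.example;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
server {
    listen 192.0.2.20:443 ssl;
    server_name c.example;
    ssl_protocols TLSv1.3;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, tracking brace depth."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):
    """Arguments of the first occurrence of a directive, or [] if absent."""
    m = re.search(rf"^\s*{name}\s+([^;]+);", body, re.M)
    return m.group(1).split() if m else []

def conflicting_listeners(conf):
    """Map each TLS listen address to its hosts when their ssl_protocols differ."""
    seen = defaultdict(dict)
    for body in server_blocks(conf):
        listen = directive(body, "listen")
        if "ssl" not in listen:
            continue  # not a TLS listener
        name = " ".join(directive(body, "server_name")) or "(unnamed)"
        seen[listen[0]][name] = frozenset(directive(body, "ssl_protocols"))
    return {addr: hosts for addr, hosts in seen.items()
            if len(set(hosts.values())) > 1}

for addr, hosts in conflicting_listeners(SAMPLE_CONF).items():
    print(addr, {h: sorted(p) for h, p in hosts.items()})
```

Only the first `listen` directive of each block is considered, and comments containing braces are not handled.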
 
So settings in the additional nginx settings or Apache directives for mod_ssl.c do not make any sense because they will not be respected
(except assigning different certificate keys per domain)?

Where is this setting stored in the latest Plesk? (I mean the config file location)
 