• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question TLS versions and ciphers by Mozilla per domain settings

RobD1982

Basic Pleskian
Hello,

TLS versions and ciphers by Mozilla is system wide, not per domain.
I host 3 domains, no matter for which one I set this setting is set for all 3 domains (strange)
Also Apache/Nginx settings seems like not respected TLS/SSL settings when this option is on.

1. How to manually with editing files configure this per domain?
2. Eventually have turn it on globally but respet settings for each domain in Apache & nginx Settings -> Additional Apache directives for https...
 
my issue I thought that hosting settings:
PHP support (PHP version 7.4.23, run PHP as FPM application served by Apache )
is the same as turning off nginx for as proxy, looks like not and it's only php handle..
in my case I need to check later nginx tls/ssl directives.

Anyway treat it as suggestion to set this manually for each domain/subdomain/ service (www, mail, ftp, etc) instead of global per server.
 
This cannot be done
You ask why? because TLS version are determined between client and server, before the connection reaches the webserver.

If you use different IP addresses for each domain/virtual-host, then you could do that, see also https://support.f5.com/csp/article/K84508595

So this is always system-wide?
To be clear, certificate keys can be assigned per domains, but TLS/SSL ciphers settings are always global per IP ?
 
TSL/SSL version and ciphers are per IP/PORT combination.

So you could use different settings for domains/virtual-hosts on different ip addresses and/or ports.
Of course, the later is quite moot, as in general you are required to use port 443 anyhow.
But if you have multiple ip addresses, then you can distribute them to your domains and use different SSL settings.
 
So settings in additional nginx setting or apache directives on mod_ssl.c does not make any sense because it will not be respected.
(expect assigning different certificate keys per domains) ?

Where is this setting stored in latest Plesk? (I mean file config location)
 
Back
Top