• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question TLS versions and ciphers by Mozilla per domain settings

R

RobD1982

Basic Pleskian
Hello,

TLS versions and ciphers by Mozilla is system wide, not per domain.
I host 3 domains, no matter for which one I set this setting is set for all 3 domains (strange)
Also Apache/Nginx settings seems like not respected TLS/SSL settings when this option is on.

1. How to manually with editing files configure this per domain?
2. Eventually have turn it on globally but respet settings for each domain in Apache & nginx Settings -> Additional Apache directives for https...
 
my issue I thought that hosting settings:
PHP support (PHP version 7.4.23, run PHP as FPM application served by Apache )
is the same as turning off nginx for as proxy, looks like not and it's only php handle..
in my case I need to check later nginx tls/ssl directives.

Anyway treat it as suggestion to set this manually for each domain/subdomain/ service (www, mail, ftp, etc) instead of global per server.
 
ChristophRo said:
This cannot be done
You ask why? because TLS version are determined between client and server, before the connection reaches the webserver.

If you use different IP addresses for each domain/virtual-host, then you could do that, see also https://support.f5.com/csp/article/K84508595
Click to expand...

So this is always system-wide?
To be clear, certificate keys can be assigned per domains, but TLS/SSL ciphers settings are always global per IP ?
 
TSL/SSL version and ciphers are per IP/PORT combination.

So you could use different settings for domains/virtual-hosts on different ip addresses and/or ports.
Of course, the later is quite moot, as in general you are required to use port 443 anyhow.
But if you have multiple ip addresses, then you can distribute them to your domains and use different SSL settings.
 
So settings in additional nginx setting or apache directives on mod_ssl.c does not make any sense because it will not be respected.
(expect assigning different certificate keys per domains) ?

Where is this setting stored in latest Plesk? (I mean file config location)
 
You must log in or register to reply here.

Similar threads

QWeb Ric
Issue Server pool SSL not showing for selection
Replies
0
Views
370
QWeb Ric
QWeb Ric
Azurel
TLS handshake error. No match between hostname (“example.com”) and certificate.
Replies
7
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
I
Issue Issue with user Certs in Plesk 17, Apache and Nginx
Replies
0
Views
278
IsmaelDSC
I
G
Issue Unable to create temporary domain and/or assign a SSL Certificate to domains *.plesk.page
Replies
3
Views
401
Sebahat.hadzhi
Sebahat.hadzhi
LionKing
Issue Cloudflare's proxy function and SSL certificates
Replies
18
Views
4K
WebHostingAce
WebHostingAce
Back
Top