• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Where has apache cipher config gone?

HostaHost

Regular Pleskian
In Plesk 10 on CentOS using Apache, the SSL cipher configuration was set in /etc/httpd/conf.d/ssl.conf via the SSLProtocol and SSLCipherSuite directives. In Plesk 11 on CentOS with Apache, that entire section of the config file is commented out. I can't find anything related to ciphers in the core apache files, in the conf.d files, in the /var/www/vhosts/domain/conf/ files or in the files in /usr/local/psa/admin/conf/generated/.

Where has the cipher configuration gone?
 
There is following default values if you haven't specified these directives:

for SSLCipherSuite it is ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

If you have istalled mod_ssl you can create file /etc/httpd/conf.d/ssl.conf with following content:

<IfModule mod_ssl.c>
SSLProtocol all -SSLv2
SSLCipherSuite это ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</IfModule>

BTW, SSLCipherSuite HIGH:MEDIUM:!ADH would be better.
 
We've found we need the following to get it to pass security scans:

SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH:!DH:!MD5:!aNULL:!eNULL:!SSLv2:!LOW
 
We've found we need the following to get it to pass security scans:

SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH:!DH:!MD5:!aNULL:!eNULL:!SSLv2:!LOW

Thank you for useful information!
 
Back
Top