• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Where has apache cipher config gone?

H

HostaHost

Regular Pleskian
In Plesk 10 on CentOS using Apache, the SSL cipher configuration was set in /etc/httpd/conf.d/ssl.conf via the SSLProtocol and SSLCipherSuite directives. In Plesk 11 on CentOS with Apache, that entire section of the config file is commented out. I can't find anything related to ciphers in the core apache files, in the conf.d files, in the /var/www/vhosts/domain/conf/ files or in the files in /usr/local/psa/admin/conf/generated/.

Where has the cipher configuration gone?
 
There is following default values if you haven't specified these directives:

for SSLCipherSuite it is ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

If you have istalled mod_ssl you can create file /etc/httpd/conf.d/ssl.conf with following content:

<IfModule mod_ssl.c>
SSLProtocol all -SSLv2
SSLCipherSuite это ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</IfModule>

BTW, SSLCipherSuite HIGH:MEDIUM:!ADH would be better.
 
We've found we need the following to get it to pass security scans:

SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH:!DH:!MD5:!aNULL:!eNULL:!SSLv2:!LOW
 
Hostasaurus.Com said:
We've found we need the following to get it to pass security scans:

SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH:!DH:!MD5:!aNULL:!eNULL:!SSLv2:!LOW
Click to expand...

Thank you for useful information!
 
You must log in or register to reply here.

Similar threads

M
Issue Plesk using wrong directory for Apache web server config
Replies
3
Views
1K
marcvh
M
L
Question Ubuntu 24.04 LTS and Apache default ip folder
Replies
1
Views
1K
LRLD
L
R
Issue Debian 12 update fails
Replies
5
Views
975
Kaspar@Plesk
Kaspar@Plesk
andreios
Issue Warning: Custom template has insufficient permissions: nginxDomainVirtualHost.php
Replies
3
Views
6K
Maarten
M
T
ISSUE - Nginx config generation failure and http2 directive implementation failure
Replies
14
Views
4K
Bitpalast
Bitpalast
Back
Top