• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Search results

  1. C

    setting up ssl on centos with sni

    Great to hear you got it working - well done! Try running the script in this KB article to address the POODLE problems: http://kb.odin.com/en/123160 Cheers, Chris
  2. C

    setting up ssl on centos with sni

    You'll need to add a rule for HTTPS on port 443 to allow it in the firewall - should be TCP and port 443.
  3. C

    setting up ssl on centos with sni

    I would suggest checking the Virtuozzo panel to see if you can open the HTTPS port as it doesn't appear to be open. You can also check if you are using the Plesk firewall module in Plesk by looking under the extensions module on the left-hand side. Is firewall listed there? You may be best to...
  4. C

    setting up ssl on centos with sni

    I don't know exactly how you've set up the server to be able to advise further - are you using a firewall package such as CSF, APF or the Plesk Firewall module? Can you describe briefly how you've set up and installed the server so far?
  5. C

    setting up ssl on centos with sni

    Looking up your domain the-dreamstore.com resolves to 87.106.99.195, and I don't see an HTTPS server running on port 443 on that address. Have you checked your firewall and opened port 443?
  6. C

    setting up ssl on centos with sni

    Have you double checked that SSL is turned on for the domain? This is in Plesk Panel under "Website Scripting & Security" for the domain. If that setting is enabled, try re-generating the web server configuration files with: /usr/local/psa/admin/bin/httpdmng --reconfigure-all And see if that...
  7. C

    setting up ssl on centos with sni

    SNI will work out-the-box without any further configuration necessary. You just set the SSL certificate to be used for each domain in the "Website Scripting and Security" section of Plesk. Make sure you are restarting your browser (or using a private browsing mode such as Incognito mode in...
  8. C

    Plesk Quota Question

    If we enable the disk quota option in Plesk (and assuming the file system has quotas enabled), should this limit the disk space that can be used by a domain even for files created by the 'apache' user? We've been testing this internally and it only seems to limit space for the domain's user...
  9. C

    SSL POODLE / SSLv3 bug

    What I suggest doing is review the Courier IMAP and Postfix SMTP sections in the current version of the KB article (http://kb.odin.com/en/123160) and compare the suggested changes with your current files - I suspect the cipher lists will be different as those were updated about a week after the...
  10. C

    SSL POODLE / SSLv3 bug

    Have you already run the script? If so, are you experiencing problems? I wouldn't run the script again if it has already been run as this will just duplicate the same configuration entries. There isn't an article on how to revert the process, but this would just be a case of working out what...
  11. C

    SSL POODLE / SSLv3 bug

    @Ultravoné It should work just fine - the ssl_v3_disable.sh script has been updated several times by Parallels in response to the feedback from users in this thread. The current version applies the cipher settings which are compatible with all modern mail clients. However, it's a simple change...
  12. C

    SSL POODLE / SSLv3 bug

    In imapd-ssl/pop3d-ssl have you made sure there are no other lines that might be overriding your settings? Check the whole file to make sure there are no other TLS_CIPHER_LIST settings in place that may be interfering with your settings. It should not be necessary to add "!SSLv2:!SSLv3" to the...
  13. C

    SSL POODLE / SSLv3 bug

    So with those settings in place, are you able to connect to the mail server and get mail? And does poodle.sh show your ports are vulnerable/not vulnerable?
  14. C

    SSL POODLE / SSLv3 bug

    I should also add - the iPhone does support TLS. It sounds as if you are using the old TLS_CIPHER_LIST settings which were found not to work properly.
  15. C

    SSL POODLE / SSLv3 bug

    What version of Plesk are you using? And did you update the TLS_CIPHER_LIST and TLS_PROTOCOL settings as per the updated KB article?
  16. C

    SSL POODLE / SSLv3 bug

    Thanks for letting us know the KB article has been revised - the new ciphers work well for for Courier POP/IMAP. Only vulnerable port left now is port 465 (Qmail). Do you use Qmail or Postfix? The fix in ssl_v3_disable.sh for Qmail is to add this line to /var/qmail/control/tlsserverciphers...
  17. C

    SSL POODLE / SSLv3 bug

    We received a ticket response from Parallels saying that it's only possible to disable SSLv3 for Courier POP/IMAP in Plesk 12, and that for earlier versions the updated OpenSSL package should be installed. My understanding is that simply updating OpenSSL is not sufficient to protect against...
  18. C

    SSL POODLE / SSLv3 bug

    @JCV Seems like enabling more ciphers in imapd-ssl/pop3d-ssl is the only solution at present. We also have a ticket open with Parallels and awaiting a solution (they said the KB article only fixes POP/IMAP for Plesk 12, but that's not much help as most users will be using < Plesk 12 as it's so new).
  19. C

    SSL POODLE / SSLv3 bug

    Yes, that's the situation we face too - please see my previous comments with the suggested TLS_CIPHER_LIST setting which works.
  20. C

    SSL POODLE / SSLv3 bug

    Also, once you do get the service running, I would suggest testing extensively to make sure mail clients can connect to the server properly (our experience has been that this doesn't work with the TLS_CIPHER_LIST value as suggested in the Parallels KB).
Back
Top