• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.

Changing NGINX to only use TLS1.2

M

Martin Andersson

New Pleskian
Hello!

The latest update of 11.5.30 has broken my custom NGINX settings which allowed only TLS1.2. My sites are now using SSLV3 and TLSV1 only. For the life of me, I can't figure out where to change this back. All my NGINX configuration files seem to be correct under /etc/nginx/plesk.conf.d/ -- what am I missing? :)

Many thanks,

Martin
 
InderS said:
Try to chnage your site nginx setting with the "ssl_protocols -- SSLv3 TLSv1 TLSv1.1 TLSv1.2"

Check this : http://nginx.org/en/docs/http/configuring_https_servers.html
Click to expand...

Thanks for your feedback. I have already done this, and re-checked the configuration files since the latest update. Everything looks fine with the line:

ssl_protocols TLSv1.2;

I assume I'm just being daft and missing something. I know updates break custom settings, but I just can't see any configuration file which shows:

ssl_protocols SSLv3 TLSv1;

Which are the currently enabled protocols since the last update. TLSv1.2 is still working for the Plesk admin panel.

Martin
 
Martin Andersson said:
Thanks for your feedback. I have already done this, and re-checked the configuration files since the latest update. Everything looks fine with the line:

ssl_protocols TLSv1.2;

I assume I'm just being daft and missing something. I know updates break custom settings, but I just can't see any configuration file which shows:

ssl_protocols SSLv3 TLSv1;

Which are the currently enabled protocols since the last update. TLSv1.2 is still working for the Plesk admin panel.

Martin
Click to expand...

To make it more interesting, I just created a new webspace and it has the correct SSL settings. :) I have tried running:

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

But hasn't changed the problem for any webspace that was enabled during the last update....

/M
 
I found a solution to enable TLS 1.1 and TLS 1.2 by my self.

You have to modify the two PHP files:
usr/local/psa/admin/conf/templetes/default/nginxWebmailPartial.php
usr/local/psa/admin/conf/templetes/default/domain/nginxDomainVirtualHost.php

Code: 
ssl_protocols             SSLv3 TLSv1 [B]TLSv1.1 TLSv1.2[/B];

webmail.* and all domains using nginx support TLS 1.1 and TLS 1.2 now.

(http://forum.parallels.com/showthread.php?300627-nginx-reverse-proxy-with-TLSv1-1-and-TLSv1-2)
 
You must log in or register to reply here.

Similar threads

s-light
Question NINGX CORS for multiple sub.domains
Replies
1
Views
876
s-light
s-light
S
Question How can I make my changes to Nginx site config Permanent per site?
Replies
3
Views
706
Raul A.
R
L
Question Ubuntu 24.04 LTS and Apache default ip folder
Replies
1
Views
1K
LRLD
L
P
Question Getting X-Forwarded-For IP address from behind a nginx proxy server
Replies
4
Views
3K
philglau
P
F
Resolved HTTP 3 is not used despite NGINX Only hosting
2
Replies
23
Views
5K
MartinT
M
Back
Top