• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Changing NGINX to only use TLS1.2

M

Martin Andersson

New Pleskian
Hello!

The latest update of 11.5.30 has broken my custom NGINX settings which allowed only TLS1.2. My sites are now using SSLV3 and TLSV1 only. For the life of me, I can't figure out where to change this back. All my NGINX configuration files seem to be correct under /etc/nginx/plesk.conf.d/ -- what am I missing? :)

Many thanks,

Martin
 
InderS said:
Try to chnage your site nginx setting with the "ssl_protocols -- SSLv3 TLSv1 TLSv1.1 TLSv1.2"

Check this : http://nginx.org/en/docs/http/configuring_https_servers.html
Click to expand...

Thanks for your feedback. I have already done this, and re-checked the configuration files since the latest update. Everything looks fine with the line:

ssl_protocols TLSv1.2;

I assume I'm just being daft and missing something. I know updates break custom settings, but I just can't see any configuration file which shows:

ssl_protocols SSLv3 TLSv1;

Which are the currently enabled protocols since the last update. TLSv1.2 is still working for the Plesk admin panel.

Martin
 
Martin Andersson said:
Thanks for your feedback. I have already done this, and re-checked the configuration files since the latest update. Everything looks fine with the line:

ssl_protocols TLSv1.2;

I assume I'm just being daft and missing something. I know updates break custom settings, but I just can't see any configuration file which shows:

ssl_protocols SSLv3 TLSv1;

Which are the currently enabled protocols since the last update. TLSv1.2 is still working for the Plesk admin panel.

Martin
Click to expand...

To make it more interesting, I just created a new webspace and it has the correct SSL settings. :) I have tried running:

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

But hasn't changed the problem for any webspace that was enabled during the last update....

/M
 
I found a solution to enable TLS 1.1 and TLS 1.2 by my self.

You have to modify the two PHP files:
usr/local/psa/admin/conf/templetes/default/nginxWebmailPartial.php
usr/local/psa/admin/conf/templetes/default/domain/nginxDomainVirtualHost.php

Code: 
ssl_protocols             SSLv3 TLSv1 [B]TLSv1.1 TLSv1.2[/B];

webmail.* and all domains using nginx support TLS 1.1 and TLS 1.2 now.

(http://forum.parallels.com/showthread.php?300627-nginx-reverse-proxy-with-TLSv1-1-and-TLSv1-2)
 
You must log in or register to reply here.

Similar threads

s-light
Question NINGX CORS for multiple sub.domains
Replies
1
Views
818
s-light
s-light
S
Question How can I make my changes to Nginx site config Permanent per site?
Replies
3
Views
656
Raul A.
R
L
Question Ubuntu 24.04 LTS and Apache default ip folder
Replies
1
Views
1K
LRLD
L
P
Question Getting X-Forwarded-For IP address from behind a nginx proxy server
Replies
4
Views
2K
philglau
P
F
Resolved HTTP 3 is not used despite NGINX Only hosting
2
Replies
23
Views
4K
MartinT
M
Back
Top