• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

New Plesk 12 install has POODLE unpatched

G

gbotica

Regular Pleskian
Hi,

I just got a new Plesk 12 VPS with MediaTemple. As deployed fresh, the server has the POODLE vulnerability unpatched -- I would have thought Parallels would have new installs fixed by now?

Anyway, rather than going through the lengthy patching process, as described here http://kb.odin.com/en/123160 I was hoping to find the quickest and most robust fix. There is a script available on the KB page to automate the patching, but it didn't work on some of my other Plesk installs, I had to do it manually.

I see that the site templates at /usr/local/psa/admin/conf/templates/default/ have been updated with things like this:

Code: 
<?php if (get_param('disablesslv3')): ?>
    ssl_protocols               TLSv1 TLSv1.1 TLSv1.2;
<?php else: ?>
    ssl_protocols               SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
<?php endif ?>

Where is this param 'disablesslv3' set? How can it be set to 'true'?

Does setting this param affect other services, also patching them for POODLE? Or does it just affect NGINX?

What is the best practice for patching a fresh Plesk 12 install for POODLE?

Thanks in advance for your assistance.
 
Please use following method:

1. Set disablesslv3 parameter:

# mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e "insert into misc values('disablesslv3', 'true')"

2. Regenerate configs:

# /usr/local/psa/admin/bin/httpdmng --reconfigure-all

3. Check results:

# cat /var/www/vhosts/system/*/conf/last_nginx.conf | grep ssl_protocols
 
IgorG said:
Please use following method:

1. Set disablesslv3 parameter:

# mysql -uadmin -p`cat /etc/psa/.psa.shadow` -Dpsa -e "insert into misc values('disablesslv3', 'true')"

2. Regenerate configs:

# /usr/local/psa/admin/bin/httpdmng --reconfigure-all

3. Check results:

# cat /var/www/vhosts/system/*/conf/last_nginx.conf | grep ssl_protocols
Click to expand...

Great, thanks very much for the info. It looks like this "disablesslv3" parameter is only used with NGINX configuration (?) and other services must be patched additionally?
 
You must log in or register to reply here.

Similar threads

J
Issue Drweb won't start in new Debian12 installation
Replies
4
Views
1K
Peter Debik
P
Azurel
Resolved Why SSLv2 and SSLv3?
Replies
1
Views
2K
UFHH01
U
M
Resolved Enable a PHP socket for nginx for custom website outside Plesk
Replies
2
Views
4K
mr-wolf
M
burnley
Question Plesk old->new server migration - best strategy
Replies
4
Views
3K
burnley
burnley
E
Error on installing/upgrading Plesk 12 on CentOS 6.7
Replies
4
Views
2K
Erwin VdB
E
Back
Top