Enhance Plesk Security by Enabling TLS 1.3

You can enhance Plesk's security features by enabling TLS 1.3 and disabling weak cipher suites.

By default, Plesk configuration enables TLS1.0 , TLS1.1 and TLS1.2. This guide will show you how to enable TLS 1.3.

This guide is made and tested on Plesk 17.8 and Centos 7.5. For Debian/Ubuntu Plesk ,configuration files should be located in /etc/apache2/mods-available/ssl.conf.

Edit the file /etc/httpd/conf.d/ssl.conf.

Find the following line and comment out (you can use # ):

<IfModule mod_ssl.c>
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!aNULL:!MD5

Replace it with:

<IfModule LiteSpeed>
SSLProtocol TLSv1.1 TLSv1.2 TLSv1.3
SSLCipherSuite HIGH:!aNULL:!MD5

This enables TLS1.1 , TLS1.2 and TLS1.3

If you want to disable TLS1.1 as well, then change the line to:

SSLProtocol TLSv1.2 TLSv1.3

By default, Plesk also comes with some weak cipher suites. If you want to disable them, find the following line:

SSLCipherSuite HIGH:!aNULL:!MD5

And replace it with:


Be aware, this may cause CPU load.

Testing is done through SSL Lab.

  • Admin
  • Last modified: 2018/08/08 22:48
  • by qtwrk