Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
litespeed_wiki:plesk:enable_tls_13 [2018/07/03 12:20] qtwrk |
litespeed_wiki:plesk:enable_tls_13 [2023/01/12 16:00] (current) Lisa Clarke Redirect to new Documentation Site |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== How to enhance Plesk's security feature by enable TLS 1.3 and disable weak cipher suits. ====== | + | ~~REDIRECT>https://docs.litespeedtech.com/lsws/cp/plesk/configuration/#enable-tls13~~ |
- | + | ||
- | By default, Plesk configuration enables TLS1.0 , TLS1.1 and TLS1.2. | + | |
- | + | ||
- | This guide will show you how to enable TLS 1.3. | + | |
- | + | ||
- | This guide is made and tested on Plesk 17.8 and Centos 7.5. | + | |
- | + | ||
- | For Debian/Ubuntu Plesk ,configuration files should be located in ''/etc/apache2/mods-available/ssl.conf''. | + | |
- | + | ||
- | {{:litespeed_wiki:plesk:plesktls13-1.png|}} | + | |
- | + | ||
- | + | ||
- | ===== Enabling TLS1.3 ===== | + | |
- | + | ||
- | Edit file ''/etc/httpd/conf.d/ssl.conf''. | + | |
- | + | ||
- | + | ||
- | Find following line: | + | |
- | + | ||
- | <code>SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2</code> | + | |
- | + | ||
- | + | ||
- | Replace it with following: | + | |
- | + | ||
- | <code>SSLProtocol TLSv1.1 TLSv1.2 TLSv1.3</code> | + | |
- | + | ||
- | This is enables TLS1.1 , TLS1.2 and TLS1.3 | + | |
- | + | ||
- | {{:litespeed_wiki:plesk:plesktls13-2.png|}} | + | |
- | + | ||
- | + | ||
- | So in case if you want to disable TLS1.1 as well, then make it: | + | |
- | + | ||
- | <code>SSLProtocol TLSv1.2 TLSv1.3</code> | + | |
- | + | ||
- | + | ||
- | ===== Disable Weak Cipher Suits (Optional) ===== | + | |
- | + | ||
- | {{:litespeed_wiki:plesk:plesktls13-3.jpg|}} | + | |
- | + | ||
- | By default, Plesk also comes with some weak cipher suites, if you also want to disable weak cipher suites, find the following lines: | + | |
- | + | ||
- | + | ||
- | <code>SSLCipherSuite HIGH:!aNULL:!MD5</code> | + | |
- | + | ||
- | And replace it with: | + | |
- | + | ||
- | <code>SSLCipherSuite TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</code> | + | |
- | + | ||
- | {{:litespeed_wiki:plesk:plesktls13-4.png|}} | + | |
- | + | ||
- | Be aware, this may cause CPU load. | + | |
- | + | ||
- | Test is done through [[https://www.ssllabs.com/ssltest/|SSL Lab]] | + |