Differences

This shows you the differences between two versions of the page.

--- litespeed_wiki:plesk:enable_tls_13 [2018/07/03 12:20]
qtwrk
+++ litespeed_wiki:plesk:enable_tls_13 [2018/07/07 00:34]
qtwrk [Enabling TLS1.3]
@@ Line 1: / Line 1: @@
-====== How to enhance Plesk's security feature by enable TLS 1.3 and disable weak cipher suits. ======
+====== Enhance Plesk Security by Enabling TLS 1.3 ======
+You can enhance Plesk's security features by enabling TLS 1.3 and disabling weak cipher suites.
-By default, Plesk configuration enables TLS1.0 , TLS1.1 and TLS1.2.
+By default, Plesk configuration enables TLS1.0 , TLS1.1 and TLS1.2. This guide will show you how to enable TLS 1.3.
-This guide will show you how to enable TLS 1.3.
+This guide is made and tested on Plesk 17.8 and Centos 7.5. For Debian/Ubuntu Plesk ,configuration files should be located in ''/etc/apache2/mods-available/ssl.conf''.
-This guide is made and tested on Plesk 17.8 and Centos 7.5.
-For Debian/Ubuntu Plesk ,configuration files should be located in ''/etc/apache2/mods-available/ssl.conf''.
 {{:litespeed_wiki:plesk:plesktls13-1.png|}}
 ===== Enabling TLS1.3 =====
+Edit the file ''/etc/httpd/conf.d/ssl.conf''.
-Edit file ''/etc/httpd/conf.d/ssl.conf''.
+Find the following line and comment out (you can use # ):
+<code><IfModule mod_ssl.c>
+SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
+SSLCipherSuite HIGH:!aNULL:!MD5
+</IfModule></code>
+Replace it with:
+<code><IfModule LiteSpeed>
+SSLProtocol TLSv1.1 TLSv1.2 TLSv1.3
+SSLCipherSuite HIGH:!aNULL:!MD5
+</IfModule></code>
-Find following line:
+This enables TLS1.1 , TLS1.2 and TLS1.3
-<code>SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2</code>
-Replace it with following:
-<code>SSLProtocol TLSv1.1 TLSv1.2 TLSv1.3</code>
-This is enables TLS1.1 , TLS1.2 and TLS1.3
 {{:litespeed_wiki:plesk:plesktls13-2.png|}}
+If you want to disable TLS1.1 as well, then change the line to:
-So in case if you want to disable TLS1.1 as well, then make it:
 <code>SSLProtocol TLSv1.2 TLSv1.3</code>
+===== Disable Weak Cipher Suites (Optional) =====
-===== Disable Weak Cipher Suits (Optional) =====
 {{:litespeed_wiki:plesk:plesktls13-3.jpg|}}
-By default, Plesk also comes with some weak cipher suites, if you also want to disable weak cipher suites, find the following lines:
+By default, Plesk also comes with some weak cipher suites. If you want to disable them, find the following line:
 <code>SSLCipherSuite HIGH:!aNULL:!MD5</code>
 And replace it with:
 <code>SSLCipherSuite TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</code>
@@ Line 52: / Line 41: @@
 Be aware, this may cause CPU load.
+Testing is done through [[https://www.ssllabs.com/ssltest/|SSL Lab]].
-Test is done through [[https://www.ssllabs.com/ssltest/|SSL Lab]]