Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
litespeed_wiki:plesk:enable_tls_13 [2018/07/02 17:03]
qtwrk 		litespeed_wiki:plesk:enable_tls_13 [2023/01/12 16:00] (current)
Lisa Clarke Redirect to new Documentation Site
Line 1: Line 1:
-By default, Plesk configuration enables TLS1.0 , TLS1.1 and TLS1.2. This guide will show you how to enable TLS 1.3. This guide is made and tested on Plesk 17.8 and Centos 7.5, for Debian/Ubuntu Plesk ,​configuration files should be located in /etc/​apache2/​mods-available/​ssl.conf +~~REDIRECT>​https:​//docs.litespeedtech.com/lsws/cp/plesk/configuration/#​enable-tls13~~
- +
- +
- +
- +
-1Edit file ''​/etc/httpd/conf.d/ssl.conf''​. +
- +
- +
-Find following lines: +
- +
-<​code>​SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2<​/code> +
- +
- +
-Replace first line to the following:​ +
- +
-<​code>​SSLProtocol TLSv1.1 TLSv1.2 TLSv1.3</​code>​ +
- +
-This is enables TLS1.1 , TLS1.2 and TLS1.3 +
- +
-so in case if you want to disable TLS1.1 as well, then make it: +
- +
-<​code>​SSLProtocol TLSv1.2 TLSv1.3</​code>​ +
- +
- +
- +
- +
-2. If you also want to disable weak cipher suites, find the following lines: +
- +
-<​code>​SSLCipherSuite HIGH:​!aNULL:​!MD5</​code>​ +
- +
-And replace it with: +
- +
-<​code>​SSLCipherSuite TLS_CHACHA20_POLY1305_SHA256:​TLS_AES_128_GCM_SHA256:​TLS_AES_256_GCM_SHA384:​TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:​TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:​TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:​TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:​TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:​TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:​TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:​TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</​code>​ +
- +
-Be aware, this may cause CPU load. +
- +
-Test is done by SSL Lab+
  • Admin
  • Last modified: 2018/07/02 17:03
  • by qtwrk