This is an old revision of the document!

By default, Plesk configuration enables TLS1.0 , TLS1.1 and TLS1.2.

This guide will show you how to enable TLS 1.3.

This guide is made and tested on Plesk 17.8 and Centos 7.5, for Debian/Ubuntu Plesk ,configuration files should be located in /etc/apache2/mods-available/ssl.conf.

1. Edit file /etc/httpd/conf.d/ssl.conf.

Find following lines: 

SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2

Replace first line to the following: 

SSLProtocol TLSv1.1 TLSv1.2 TLSv1.3

This is enables TLS1.1 , TLS1.2 and TLS1.3

so in case if you want to disable TLS1.1 as well, then make it: 

SSLProtocol TLSv1.2 TLSv1.3

2. If you also want to disable weak cipher suites, find the following lines: 

SSLCipherSuite HIGH:!aNULL:!MD5

And replace it with: 

SSLCipherSuite TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

Be aware, this may cause CPU load.

Test is done by SSL Lab

  • Admin
  • Last modified: 2018/07/02 17:05
  • by qtwrk