This is an old revision of the document!

Enhance Plesk Security by Enabling TLS 1.3

You can enhance Plesk's security features by enabling TLS 1.3 and disabling weak cipher suites.

By default, Plesk configuration enables TLS1.0 , TLS1.1 and TLS1.2. This guide will show you how to enable TLS 1.3.

This guide is made and tested on Plesk 17.8 and Centos 7.5. For Debian/Ubuntu Plesk ,configuration files should be located in /etc/apache2/mods-available/ssl.conf.

Edit the file /etc/httpd/conf.d/ssl.conf.

Find the following line and comment out (you can use # ):

<IfModule mod_ssl.c>
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!aNULL:!MD5

Replace it with:

<IfModule LiteSpeed>
SSLProtocol TLSv1.1 TLSv1.2 TLSv1.3
SSLCipherSuite HIGH:!aNULL:!MD5

This enables TLS1.1 , TLS1.2 and TLS1.3

If you want to disable TLS1.1 as well, then change the line to:

SSLProtocol TLSv1.2 TLSv1.3

By default, Plesk also comes with some weak cipher suites. If you want to disable them, find the following line:

SSLCipherSuite HIGH:!aNULL:!MD5

And replace it with:


Be aware, this may cause CPU load. Testing is done through SSL Lab.

  • Admin
  • Last modified: 2018/07/07 00:34
  • by qtwrk