Disabling SSLv2 in Plesk

To disable SSLv2 server-wide on a Plesk server, add these directives to /etc/httpd/conf.d/ssl.conf:

SSLCipherSuite ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM
SSLProtocol all -SSLv2

Put the directives near the top of the file, outside any VirtualHost block, preferably right below the Listen directive. They will then apply to all SSL VirtualHosts.
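
One way to check a config against the placement rule above, as an added example that is not part of the original post: a small Python audit that evaluates each SSLProtocol line and reports the scopes that still allow SSLv2. The function names and sample configs are constructed for illustration, and it assumes mod_ssl of this post's era (where "all" includes SSLv2) and that a VirtualHost's own SSLProtocol overrides the server-wide one.

```python
import re

# Assumption: models mod_ssl of this post's era, where "all" includes SSLv2
# and a missing SSLProtocol directive behaves like "all".
ALL = frozenset({"sslv2", "sslv3", "tlsv1"})

def enabled_protocols(args):
    """Evaluate SSLProtocol arguments left to right."""
    enabled = set()
    for token in args.split():
        name = token.lstrip("+-").lower()
        protos = ALL if name == "all" else {name}
        if token.startswith("+"):
            enabled |= protos
        elif token.startswith("-"):
            enabled -= protos
        else:  # a bare name replaces whatever was enabled so far
            enabled = set(protos)
    return enabled

def sslv2_scopes(conf_text):
    """List the scopes ("global" or a VirtualHost) that still allow SSLv2."""
    scope, settings, vhosts = "global", {}, []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        proto = re.match(r"SSLProtocol\s+(.+)", line, re.I)
        if opened:
            scope = f"{opened.group(1).strip()} (line {n})"
            vhosts.append(scope)
        elif line.lower().startswith("</virtualhost"):
            scope = "global"
        elif proto:
            settings[scope] = enabled_protocols(proto.group(1))
    inherited = settings.get("global", ALL)
    weak = ["global"] if "sslv2" in inherited else []
    # A VirtualHost with its own SSLProtocol overrides the server-wide value.
    return weak + [v for v in vhosts if "sslv2" in settings.get(v, inherited)]

# Constructed sample configs, not taken from a real server.
FIXED_CONF = """\
Listen 443
SSLProtocol all -SSLv2
<VirtualHost _default_:443>
  SSLEngine on
</VirtualHost>
"""
OVERRIDE_CONF = FIXED_CONF.replace("SSLEngine on", "SSLProtocol all")
```

An empty list means no scope in the file allows SSLv2; OVERRIDE_CONF shows how a single VirtualHost-level SSLProtocol line can undo the server-wide setting.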

How can I ensure that Apache does not allow SSL 2.0 protocol that has known weaknesses?

Printed from: http://rackerhacker.com/2007/02/27/disabling-sslv2-in-plesk/ .
© Major Hayden 2012.

5 Comments

  • Fun King says:

    More and more, Google brings me here for the answer to my question. You, sir, are an asset to the internet. Thank you for sharing your knowledge!

  • Zag says:

    Thank you, Thank you, Thank you.
    Finally I was able to do it!

  • It's better to use:
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH

  • Michael Lehmkuhl says:

    Question: Can the same directives be used in /usr/local/psa/admin/conf/httpsd.conf to disable SSL v2 and TLS v1 in Plesk's internal Apache (port 8443)?

    Requires a "service psa restart" after changing that config file.

    It seems to work, but I'm not sure if that's a file that Plesk will eventually overwrite.

  • n Pernon says:

    Thanks a lot, it works. Directive must be out of VirtualHost as you warn. gg
