To disable SSLv2 server-wide on a Plesk server, add this in your /etc/httpd/conf.d/ssl.conf:
SSLCipherSuite ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM
SSLProtocol all -SSLv2
Put the directive very high in the file, outside the VirtualHost directive, preferably right below the Listen directive. This will work for all SSL VirtualHosts.
How can I ensure that Apache does not allow SSL 2.0 protocol that has known weaknesses?












More and More google brings me here for the answer to my question. You sir are an asset to the internet. Thank you for sharing your knowledge!
Thanks you, Thank you, Thank you.
Finally I was able to do it !
It's better to use:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH
Question: Can the same directives be used in /usr/local/psa/admin/conf/httpsd.conf to disable SSL v2 and TLS v1 in Plesk's internal Apache (port 8443)?
Requires a "service psa restart" after changing that config file.
It seems to work, but I'm not sure if that's a file that Plesk will eventually overwrite.