Plesk disable TLS 1.0

For security reasons, it is wise to allow only the newer TLS versions on your Plesk VPS. TLS is the successor to SSL, and nowadays 'SSL' (almost) always refers to TLS.

There are two ways to enable TLS 1.2 and disable TLS 1.0: from the command line or from within Plesk itself.

  • At the time of writing, Plesk Premium Antivirus does not work if you disable TLS 1.0 (this has no further impact if you only use firewalld/iptables).
     
  • TLS 1.2 is safer than its predecessors and is recommended by us, but please note that if your server only uses TLS 1.2 (instead of TLS 1.1 and 1.2) and the client uses 1.1, there will be no communication between the two.

Enabling TLS 1.2 via Plesk

 

Step 1

Log in to Plesk and go to 'Tools & Settings' > 'Scheduled Tasks' (the example below shows the Power User View).

[Screenshot: Plesk 'Tools & Settings' > 'Scheduled Tasks']


 

Step 2

Click 'Add Task' at the top left.

[Screenshot: Plesk 'Scheduled Tasks' > 'Add Task']


 

Step 3

Select 'Run a command' (the default option), enter the command below in the 'Command' field and click 'Run Now'.

/usr/local/psa/bin/server_pref -u -ssl-protocols 'TLSv1.1 TLSv1.2'

The page then looks like this:

[Screenshot: Plesk 'Schedule a Task' page]

When you click 'Run Now' you will see the status at the bottom right with a confirmation afterwards:

[Screenshot: Plesk task completed confirmation]


Enabling TLS 1.2 via command-line

 

Step 1

Connect to your VPS via the command line or via the VPS console.


 

Step 2

On your Plesk VPS, you can easily disable TLS 1.0 by specifying which versions you want to use (this command applies server-wide):

plesk bin server_pref -u -ssl-protocols 'TLSv1.1 TLSv1.2'

In this example, we opt for TLSv1.1 and 1.2. Do you only want to use TLSv1.2? Then leave TLSv1.1 out of the command.


 

Step 3

Finally, specify the TLS 1.2 cipher list for Apache:

plesk bin server_pref -u -ssl-ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'

 

You've now successfully enabled TLS 1.2 while disabling TLS 1.0. Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach them via the ‘ContactUs’ button at the bottom of this page.
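
To confirm the change took effect, the following added example (not part of the original article) probes the server once per protocol version with openssl s_client and passes only if TLS 1.0 is refused and TLS 1.2 is accepted. It assumes OpenSSL 1.1.0 or newer on the machine running the check; the function names and the host vps.example.com are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original article): check which TLS versions a
# server accepts after changing -ssl-protocols. Assumes OpenSSL 1.1.0 or newer.

# Read `openssl s_client` output on stdin; print accepted, rejected or unknown.
tls_verdict() {
    awk '
        /^New, / { seen = 1; if ($0 ~ /Cipher is \(NONE\)/) none = 1 }
        END {
            v = "unknown"                                  # no handshake summary at all
            if (seen) v = none ? "rejected" : "accepted"   # (NONE) means no cipher agreed
            print v
        }'
}

# probe HOST PORT FLAG: one handshake pinned to a single protocol version.
# SECLEVEL=0 lets a modern client offer TLS 1.0/1.1 at all; without it the
# refusal could come from the local OpenSSL rather than from the server.
probe() {
    openssl s_client -connect "$1:$2" -servername "$1" "$3" \
        -cipher 'DEFAULT@SECLEVEL=0' </dev/null 2>&1 | tls_verdict
}

# evaluate V10 V11 V12: succeed only if TLS 1.0 is rejected and TLS 1.2 accepted.
# TLS 1.1 is reported but not judged, since the article offers both variants.
evaluate() {
    echo "TLS 1.0: $1  TLS 1.1: $2  TLS 1.2: $3"
    [ "$1" = "rejected" ] && [ "$3" = "accepted" ]
}

# audit HOST [PORT]: probe all three versions and evaluate the result.
audit() {
    port="${2:-443}"
    evaluate "$(probe "$1" "$port" -tls1)" \
             "$(probe "$1" "$port" -tls1_1)" \
             "$(probe "$1" "$port" -tls1_2)"
}

# Run only when a host is given, e.g.: sh tls-audit.sh vps.example.com 443
if [ "$#" -ge 1 ]; then audit "$@"; fi
```

A verdict of "unknown" (for example when the connection is refused or the local OpenSSL build lacks the protocol flag) is treated as a failed check rather than as proof that the version is disabled.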
