1

I used the Plesk extension for Let's Encrypt (https://github.com/plesk/letsencrypt-plesk), but chrome shows that an old cypher suite is used. The certificate uses:

  • TLS 1.2
  • AES_256_CBC
  • HMAC-SHA1
  • ECDHE_RSA

I found out that AES_256_CBC seems to be the problem, but the UI does not allow for any configuration of these parameters.
Is there a configuration file that allows this?
I only found http://letsencrypt.readthedocs.org/en/latest/using.html#configuration-file which does not seem to support these options

Thank you

4

1 回答 1

1

对于服务器范围,您可以更改:

  • 对于 nginx,ssl_ciphers进入/etc/nginx/conf.d/ssl.conf

ssl_ciphers EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EDH+AESGCM+AES128:EDH+AESGCM+AES256;

  • 对于 apache,SSLCipherSuite在文件中/etc/apache2/mods-enabled/ssl.conf

SSLCipherSuite EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EDH+AESGCM+AES128:EDH+AESGCM+AES256

对于每个单独的站点,您可以在 Apache/Nginx 的其他 Web 服务器指令中使用相同的字符串: plesk apache/nginx 每个站点选项

此外,Plesk 具有用于强化所有支持服务中的安全选项的多合一工具:

plesk sbin pci_compliance_resolver --enable

于 2016-01-18T12:18:25.080 回答