For security reasons, it is wise to only use the newer TLS versions on your Plesk VPS. TLS is the successor to SSL and when talking about SSL, TLS is (almost) always meant nowadays.
There are two ways to enable TLS 1.2 and disable 1.0: from command-line or Plesk itself.
- At the time of writing, Plesk Premium Antivirus does not work if you disable TLS 1.0 (this has no further impact if you only use firewalld/iptables).
- TLS 1.2 is safer than the predecessors and is recommended by us, but please note that if your server only uses TLS 1.2 (instead of TLS 1.1 and 1.2) and the client uses 1.1, there will be no communication between the two.
Enabling TLS 1.2 via Plesk
Step 1
Log in to Plesk and go to 'Tools & Settings'> 'Scheduled Tasks' (the example below shows the Power User View).
Step 2
Click 'Add Task' at the top left.
Step 3
Select 'Run a command' (the default option), enter the command below behind 'Command' and click 'Run Now'.
/usr/local/psa/bin/server_pref -u -ssl-protocols 'TLSv1.1 TLSv1.2'
The page then looks like this:
When you click 'Run Now' you will see the status at the bottom right with a confirmation afterwards:
Enabling TLS 1.2 via command-line
Step 1
Connect to your VPS via command-line or via the VPS console.
Step 2
On your Plesk-VPS, you can easily disable TLS1.0 by specifying which versions you want to use (this command is server wide):
plesk bin server_pref -u -ssl-protocols 'TLSv1.1 TLSv1.2'
In this example, we opt for TLSv1.1 and 1.2. Do you only want to use TLSv1.2? Then leave TLSv1.1 out of the command.
Step 3
Finally, specify the TLS 1.2 cipher list for Apache:
plesk bin server_pref -u -ssl-ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'
You've now succesfully enabled TLS 1.2 while disabling TLS 1.0. Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach them via the ‘Contact Us’ button at the bottom of this page.