Disabling Weak and Medium Ciphers on Plesk
One of the things that Qualified Scanning Vendors look for on a server is that the server does not use weak AND medium strength ciphers. Plesk does come with a tool to enable you to switch off weak ciphers used with courier, Apache, and the control panel itself.
/usr/local/psa/admin/bin/pci_compliance_resolver --enable all
This will disable all weak ciphers for courier mail, Apache, and the control panel. Other parameters are:
| Option | Description |
|---|---|
| –enable | –disable courier | Only enables or disables the courier mail weak ciphers |
| –enable |–disable apache | Only enables or disables the Apache weak ciphers |
| –enable |–disable panel | Only enables or disables the control panels weak ciphers |
Once the command is done executing, delete the contents of the /usr/local/psa/admin/conf/cipher.lst
openssl ciphers -v HIGH > /usr/local/psa/admin/conf/cipher.lst