This actually applies to any website, but is specifically aimed at plesk. Today a customer had complained that we’d disabled both tls 1 and 1.1, they wanted 1.1 for compatibility in the meantime, so it requires doing 1 of 2 things.
1 | plesk bin server_pref -u -ssl-protocols 'TLSv1.1 TLSv1.2' |
Or alternatively it can be done directly from within the conf.d ssl.conf for plesk in /etc/httpd/conf.d/ssl.conf, this also applies to httpd users not using plesk.
1 2 3 4 5 6 7 | [root@888426-WEB3 ~] # cat /etc/httpd/conf.d/ssl.conf | grep TLS #SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 ## This exports the standard SSL/TLS related `SSL_*' environment variables. ## The safe and default but still SSL/TLS standard compliant shutdown ## the SSL/TLS standard but is needed for some brain-dead browsers. Use ## alert of the client. This is 100% SSL/TLS standard compliant, but in SSLProtocol +TLSv1.1 +TLSv1.2 |
A pretty simple operation here.