Would be good to see, a better implementation of SSL for plesk ssl, if any of us wants to apply to PCI compliance, every single scanner i have tested, complains about:

Weak Supported Ssl Ciphers Suites


Also there are loads of complains about SSL protocol detection.

SSL Protocol Version 2 Detection


the solutions sugested, at the very least by McAfee Secure is:

Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. Consult your documentation to identify how to reconfigure the affected application to avoid use of weak ciphers.

if possible, would be very nice to be able to have this fixed, so if we want to apply for PCI compliance, we can meet the market demands.

Hello JLChafardet,

Yep, it well known and documented issue. However unfortunately we cannot force to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 for all our client because they have a business and such "fix" will breaks their business, sorry.

yeah i know that, but it should be at the very least, a good option to offer it, on setup or to allow the configuration options.

if we can do that from plesk, would ease a lot of work on some admins.

as you stated, some business cannot upgrade, and fixing would cause them a problem, but there are another huge bunch of ppl, who could get benefits if this is implemented.

it should be at the very least, a good option to offer it, on setup or to allow the configuration options.


Agree. Good point. We will consider the suggestion.

Hello JLChafardet,

Yep, it well known and documented issue. However unfortunately we cannot force to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 for all our client because they have a business and such "fix" will breaks their business, sorry.

Can you elaborate please? A Google search on "SSL Protocol Version 2 Detection" (which is McAfee's name for the "vulnerability") comes back with two hits. Two.

What breaks if you disable SSL 2.0? A few examples would really be great. We've got some angry clients who paid a lot of money for this McAfee service and want fixes for the alerts they are getting. At the very least I need some good arguments to counter this. Your help would be appreciated.

Thank you...

Thanks a lot i dont have clients with it, its myself who has it, and yes, i want to know what does it breaks, to see if i can switch or not. we dont host ssl domains atm (only my domain) so if i need to recreate the cert (starcom ssl cert) ill recreate it if needed.

also the Weak Supported Ssl Ciphers Suites are shown on other ports as well. 443, 465, 993, 995 and 8443 show this vulnerability.

Gentlemen,

I'm unsure I should share on forum information about services which use SSL 2.0 instead SSL 3.0.

you can always send a mass pm ;) to the interested users ;)