Disabling Weak and Medium Ciphers on Plesk

One of the things that Qualified Scanning Vendors look for on a server is that the server does not use weak AND medium strength ciphers. Plesk does come with a tool to enable you to switch off weak ciphers used with courier, Apache, and the control panel itself.

# /usr/local/psa/admin/bin/pci_compliance_resolver --enable all

This will disable all weak ciphers for courier mail, Apache, and the control panel. Other parameters are:

--enable | --disable courier Only enables or disables the courier mail weak ciphers
--enable | --disable apache Only enables or disables the Apache weak ciphers
--enable | --disable panel Only enables or disables the control panels weak ciphers

Once the command is done executing, delete the contents of the /usr/local/psa/admin/conf/cipher.lst

# openssl ciphers -v HIGH > /usr/local/psa/admin/conf/cipher.lst