The server should meet the following PCI compliance requirements:
- Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported.
- Configure SSL/TLS servers to only support cipher suites that do not use block ciphers.
However, these protocols are not supported by Plesk by default.
PCI compliance requires that you enable the TLS v1.1 and TLS v1.2 protocols, but they are supported by the Apache web server starting from version 2.2.23. This particular version of Apache is not included in the default base Linux distributions.
- Make sure that all system packages are up to date and the latest Plesk microupdate is installed.
- Follow the instructions provided in the article #125741 "[Plesk] CVE-2015-4000 LOGJAM TLS DH vulnerability".
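To confirm the protocol requirement after updating, the following added example (not part of the original article and not Plesk tooling) evaluates an Apache `SSLProtocol` line and the Apache version against the conditions stated above. The function names, the expansion of `all` and the sample configurations are assumptions made for illustration, and the file is treated as a single configuration context.

```python
import re

ALLOWED = {"TLSv1.1", "TLSv1.2"}   # protocols the PCI requirement above permits
MIN_APACHE = (2, 2, 23)            # first Apache version the article says supports them
# Assumption: what "all" expands to on the audited build; adjust for your mod_ssl.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
KNOWN = {p.lower(): p for p in ALL | {"SSLv2"}}
# Constructed sample configurations (not taken from a real server).
WEAK = "SSLEngine on\nSSLProtocol all -SSLv2\n"
HARDENED = "SSLEngine on\nSSLProtocol -all +TLSv1.1 +TLSv1.2\n"

def apache_supports_tls11_12(version):
    """True if a version string such as 'Apache/2.2.15' is at least 2.2.23."""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:3]) >= MIN_APACHE

def effective_protocols(conf_text):
    """Protocol set left enabled by the last SSLProtocol line, or None if absent."""
    enabled = None
    for line in conf_text.splitlines():
        m = re.match(r"(?i)sslprotocol\s+(.+)$", line.split("#", 1)[0].strip())
        if not m:
            continue
        enabled = set()
        for tok in m.group(1).split():
            sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
            key = name.lower()
            group = set(ALL) if key == "all" else {KNOWN.get(key, name)}
            if sign == "-":
                enabled -= group      # -proto removes
            elif sign == "+":
                enabled |= group      # +proto adds
            else:
                enabled = set(group)  # a bare token replaces what came before
    return enabled

def audit(version, conf_text):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    if not apache_supports_tls11_12(version):
        findings.append("apache older than 2.2.23")
    enabled = effective_protocols(conf_text)
    if enabled is None:
        return findings + ["no SSLProtocol directive"]
    findings += ["disallowed protocol enabled: " + p for p in sorted(enabled - ALLOWED)]
    if not enabled & ALLOWED:
        findings.append("neither TLSv1.1 nor TLSv1.2 enabled")
    return findings
```

Calling `audit("2.2.15", WEAK)` reports the old Apache version plus SSLv3 and TLSv1 still enabled, while `audit("2.2.23", HARDENED)` returns an empty list.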