How to enable/disable a particular TLS version in Plesk 12.5 or higher


You can change the enabled TLS versions with a Plesk command instead of editing the Apache configuration files directly. This lets you quickly enable or disable TLS 1.0/1.1.


  • TLS 1.1/1.0 cannot be disabled if you are running Apache 2.2.23 or lower
  • If the OS is too old, please contact your Account Manager and work out an upgrade to a new system

1. Connect to the Plesk server via SSH as "root".
2. Run this command to enable TLS 1.2 ONLY server-wide:

# plesk bin server_pref -u -ssl-protocols 'TLSv1.2'

To disable TLS 1.0 and keep 1.1 and 1.2 for all Plesk web services:

# plesk sbin sslmng --protocols="TLSv1.1 TLSv1.2"
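
To confirm the change took effect, the following check probes the server with each protocol version and compares the result with the list given to Plesk. It is an added example, not part of the original article; the script name `tls_check.sh` and the host `www.example.com` are placeholders, and it assumes the `openssl` command-line client is installed on the machine running the check.

```shell
#!/bin/sh
# Added example: report which TLS versions a server accepts after the change.
# Assumption: the local openssl client still supports the legacy -tls1 and
# -tls1_1 flags; if it does not, those versions always show as "rejected".

# probe_tls HOST PORT FLAG: exit 0 if a handshake limited to FLAG succeeds.
probe_tls() {
    openssl s_client -connect "$1:$2" -servername "$1" "-$3" \
        </dev/null >/dev/null 2>&1
}

# tls_report HOST PORT: one "<version> accepted|rejected" line per version.
# Labels use the OpenSSL/Apache protocol names (TLSv1 = TLS 1.0), matching
# the TLSv1.1/TLSv1.2 tokens in the commands above.
tls_report() {
    for pair in tls1:TLSv1 tls1_1:TLSv1.1 tls1_2:TLSv1.2; do
        if probe_tls "$1" "$2" "${pair%%:*}"; then
            echo "${pair##*:} accepted"
        else
            echo "${pair##*:} rejected"
        fi
    done
}

# check_expected HOST PORT "TLSv1.1 TLSv1.2": exit 0 only when the set of
# accepted versions is exactly the list that was passed to Plesk.
check_expected() {
    want=$(printf '%s\n' $3 | sort | tr '\n' ' ')
    got=$(tls_report "$1" "$2" | awk '$2 == "accepted" { print $1 }' \
        | sort | tr '\n' ' ')
    if [ "$want" = "$got" ]; then
        echo "OK: server accepts exactly: $got"
    else
        echo "MISMATCH: expected [$want], server accepts [$got]"
        return 1
    fi
}

# Run only when called with arguments, for example:
#   sh tls_check.sh www.example.com 443 "TLSv1.2"
if [ "$#" -ge 1 ]; then
    check_expected "$1" "${2:-443}" "${3:-TLSv1.2}"
fi
```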

If you need to strengthen the SSL ciphers to pass typical PCI DSS setups, you can use the following. This assumes you leave only TLS 1.2 and disable everything else:

First check to see what ciphers are in use:

# grep SSLCipher /etc/httpd/conf.d/ssl.conf

If there are ciphers configured, then using your favorite editor, comment out the previous configuration and then use the following: