TLS Versions and Security

[dman]

I'm experiencing issues on some sites using external services because they are disabling early TLS versions 1.0 and 1.1 due to the security issues with these protocols. This will likely become an issue with other services in the future.

I submitted a ticket (#697036) to inquire about disabling early TLS versions 1.0 and 1.1 on Win33. The response suggested that TLS 1.0 was disabled but that 1.1 could not be. If I can't work with third party services due to this limitation on Win33, I'll need to look at other hosting options for at least some of my clients and projects. I understand this is shared hosting but I would also expect it to be as secure as possible.

I also tested TLS on WIN33 and it appears that TLS 1.0 is still enabled:

"tls_version":"TLS 1.0","rating":"Bad"​

@Stephen I was wondering if you could weigh in on this and help me clarify the options. Can early TLS 1.0/1.1 be disabled on Win33? If not, can you explain why? Is there another server at Jodo that I could use?

Thanks in advance for any replies!

 

[Stephen]

I'll be able to take a look tonight or tomorrow, I've been working to get these last few ancient VPS servers upgraded and out of the Waco facility and get it shut down. The TLS stuff is very picky and there are some things that dont work if you disable the older protocols. The Plesk servers support newer Windows and hence support newer tech, and we'll soon have a 2016 Plesk server up and going too.

 

[dman]

@Stephen hope you've been well! I was wondering if you had any updates on these TLS upgrades. I have a few more months to complete the testing for the sites in question.

A variety of services are going to require upgrades to TLS in the coming year. I submitted support tickets about this back in June and the support staff tried disabling TLS but it resulted in a variety of issues. You can see the details in ticket #697036 - TLS Versions.

Are there any planned updates for this or do you have any recommendations? Thanks!