Option to disable SNI for a domain in SSL Settings
If a domain has SNI disabled from IIS > Site > example.com > Bindings, Plesk reverts it back to Enabled when it pushes changes to IIS.
It would be nice to have an option in the domain's SSL settings to turn ON/OFF SNI and lock it.
Thank you for your input! We will consider this functionality in upcoming releases, if it will be popular.
Everyone, please continue voting for this feature if you consider it important.
—
IG
-
Pete Batin commented
This is extremely important. As Mark P commented it is related to WorldPay.
We have subscriptions with dedicated IP addresses and dedicated SSL certs (paid for, not Let's Encrypt).
Plesk randomly will re-enable SNI on subscriptions causing WorldPay callbacks to fail. WorldPay refuses to invest in their legacy services to support SNI and will refuse the handshake. I cannot dictate to a third party service that they should invest in the older products, but I can dictate that a product we pay for (Plesk) should not be overwriting our explicit instructions/settings set at random.
It's very embarrassing to be told by a client that transactions aren't completed because our server/Plesk has decided to overwrite our previous instruction of disabling SNI via removing it from bindings.
At the moment the only option provided that relates to disabling SNI is to disable SSL/TLS support entirely within Subscription > Hosting Settings. This setting needs expansion for dedicated IP addresses.
Also if a subscription has a dedicated IP address then all bindings should be bound to that IP address, at the moment only the canonical/primary domain (not including www./ipv4.) are bound to the IP address.
-
Mark P commented
Seems to be Related to World Pay not supporting SNI callback.
-
Chris Danks commented
This feature is needed and should only show on domains with dedicated IP