How to Disable SSLv3 for Apache and Protect Your WHM/cPanel Server from POODLE

There’s a new POODLE in town, but unfortunately it’s not the kind of pooch you want around. POODLE stands for Padding Oracle On Downgraded Legacy Encryption. It’s an exploit that, although not considered to be as serious as Heartbleed, is one that should still be protected against. For more information read the Google Blog.

Apache Web Server

To disable SSLv3 on the Apache web server, you will have to adjust the SSLProtocol directive provided by the mod_ssl module.

This directive can be set either at the server level or in a virtual host configuration. Depending on your distribution's Apache configuration, the SSL configuration may be located in a separate file that is sourced.

On Ubuntu, the server-wide specification for servers can be adjusted by editing the /etc/apache2/mods-available/ssl.conf file. If mod_ssl is enabled, a symbolic link will connect this file to the mods-enabled subdirectory:

sudo nano /etc/apache2/mods-available/ssl.conf

On CentOS, you can can adjust this in the SSL configuration file located here (if SSL is enabled):

sudo nano /etc/httpd/conf.d/ssl.conf

Inside you can find the SSLProtocol directive. If this is not available, create it. Modify this to explicitly remove support for SSLv3:

SSLProtocol all -SSLv3 -SSLv2

Save and close the file. Restart the service to enable your changes.

On Ubuntu, you can type:

sudo service apache2 restart

On CentOS, this would be:

sudo service httpd restart



cPanel/WHM

Fortunately, protecting your WHM/cPanel server is easy. Just follow the steps below:

Step 1: Navigate to the Include Editor

Login to WHM, open up the Apache Configuration screen, and click on Include Editor

  • 0 Kasutajad peavad seda kasulikuks
Kas see vastus oli kasulik?

Seotud artiklid

Protect your Server Against the POODLE SSLv3 Vulnerability

Introduction On October 14th, 2014, a vulnerability in version 3 of the SSL encryption protocol...

AbuseBSI: Offene NetBIOS-Namensdienste in AS24940

The other day received a letter from the Federal Office for Information Security ( BSI ) about...

CSF Error: *WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

Following the install of CSF (ConfigServer Security & Firewall) on some servers, you may...

Improve CSF iptables performance with ipset

Servers running iptables with CSF firewall can become slow and bogged down while processing the...