SSL v3 (POODLE) Vulnerability: Apache
By Anuket Jain On 10 April 2015 In Linux
SSL v3 (POODLE) vulnerability allows the plaintext of secure connections to be calculated by a network attacker.This vulnerability doesn’t affect SSL Certificates. There is no need to renew, reissue, or reinstall any certificates.
Apache: Follow below steps to Disable the SSL v3 Protocol
Step 1: Find your SSL Protocol in your Configuration on Apache Server using below command
# grep -i -r "SSLProtocol" /etc/apache2 or # grep -i -r "SSLProtocol" /etc/httpd
Step 2: Open the config file or Virtual Host for which you are disabling the SSL v3 protocol. Add or update the following lines in your configuration:
# SSLProtocol all -SSLv2 -SSLv3
Step 3: Restart apache service:
# service httpd restart or # service apache2 restart
Step 4: You have successfully disabled the SSLv3 protocol.
Hope this tutorial will help you to disable the SSLv3 Vulnerability.