Overview

The recently announced SSLv3 exploit, also known as “POODLE”, has left the SSL protocols vulnerable and made TLS the preferred HTTPS security protocol. You will need to disable SSL support in your web server’s SSL configuration to ensure you are not vulnerable to the POODLE man-in-the-middle attack or any other SSL-based attacks yet to surface.

Instructions

Locate your ssl.conf file; it's usually located in /etc/httpd/conf.d

Locate the “SSLProtocol” line. If it's commented out with a “#”, remove the hash, then change the line to the following:

#
# Disable SSL access by default

SSLProtocol -ALL -SSLv2 -SSLv3 +TLSv1

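To increase the security strength, we can also disable the weaker ciphers. Locate the SSLCipherSuite line, uncomment it and make it active:

# SSL Cipher Suite
# List the ciphers that the client is permitted to negotiate
# See the mod_ssl documentation for a complete list
# Protocol versions are restricted by SSLProtocol above. !SSLv3 is not used
# here: in a cipher list it removes the cipher suites that TLSv1 also uses.
# MEDIUM and LOW are excluded with "!" alone ("+!" is not valid syntax).

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:!MEDIUM:!LOW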

Save the changes and then restart the web server using:

service httpd restart
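
To check the edited file before restarting, the following added example (not part of the original article) evaluates each active SSLProtocol line the way mod_ssl applies its tokens, left to right ("+" adds, "-" removes, an unprefixed name replaces the set), and reports any line that still enables SSLv2 or SSLv3. The function names, the sample configuration text and the modelling of "all" as the five listed protocol names are assumptions of this example.

```python
import re

# Protocol names this sketch knows; "all" is modelled as every one of them
# (assumption: what "all" covers differs between Apache/OpenSSL builds).
KNOWN = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
BROKEN = {"SSLv2", "SSLv3"}
CANON = {name.lower(): name for name in KNOWN}

def effective_protocols(args):
    """Apply SSLProtocol tokens left to right: '+' adds, '-' removes, bare replaces."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[len(action):].lower()
        if name == "all":
            selected = set(KNOWN)
        elif name in CANON:
            selected = {CANON[name]}
        else:
            raise ValueError(f"unknown protocol token: {token!r}")
        if action == "+":
            enabled |= selected
        elif action == "-":
            enabled -= selected
        else:
            enabled = selected
    return enabled

def audit(conf_text):
    """Return one finding per problem with the active (uncommented) SSLProtocol lines."""
    active = re.findall(r"^[ \t]*SSLProtocol[ \t]+(.+)$", conf_text, re.I | re.M)
    if not active:
        return ["no active SSLProtocol line: the server default applies"]
    findings = []
    for args in active:
        weak = sorted(effective_protocols(args) & BROKEN)
        if weak:
            findings.append(f"'SSLProtocol {args.strip()}' still enables {', '.join(weak)}")
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE_BEFORE = "#SSLProtocol all -SSLv2\nSSLCipherSuite HIGH\n"
SAMPLE_WEAK = "SSLProtocol all -SSLv2\n"
SAMPLE_AFTER = "# Disable SSL access by default\nSSLProtocol -ALL -SSLv2 -SSLv3 +TLSv1\n"

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("weak", SAMPLE_WEAK), ("after", SAMPLE_AFTER)):
        print(label, audit(text) or "ok")
```

To audit a real file, pass its contents to audit(), for example the text of /etc/httpd/conf.d/ssl.conf.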

While you are tightening up security, don't forget to disable SSL in your web browsers as well!
