The recently announced SSLv3 exploit, also known as “POODLE”, has left the SSL protocols vulnerable and made TLS the preferred HTTPS security protocol. You will need to disable SSL support in your web server’s SSL configuration to ensure you are not vulnerable to the POODLE man-in-the-middle attack or any other SSL-based attacks yet to surface.
Locate your ssl.conf file; it’s usually located in /etc/httpd/conf.d
Locate the “SSLProtocol” line. If it’s commented out with a “#”, remove the hash and change it to the following:
    #
    # Disable SSL access by default
    SSLProtocol -ALL -SSLv2 -SSLv3 +TLSv1
To strengthen security further, we can also disable the weaker ciphers. Locate the SSLCipherSuite line, uncomment it and make it active:
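    # SSL Cipher Suite
    # List the ciphers that the client is permitted to negotiate
    # See the mod_ssl documentation for a complete list
    # "!" removes a cipher group; !SSLv3 is not listed because it would
    # also remove the cipher suites that TLSv1 negotiates
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:!MEDIUM:!LOW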
Save the changes and then restart the web server using:
service httpd restart
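To confirm the edit took effect in the file, the following added example (not part of the original post) evaluates every active SSLProtocol directive the way mod_ssl combines its `+`/`-` tokens and flags any that still enable SSLv2 or SSLv3. The function name and sample fragments are hypothetical, and `all` is assumed to include SSLv2/SSLv3, the conservative reading for older builds.

```shell
#!/bin/sh
# Added example: audit SSLProtocol directives in Apache config text.
# Each directive is evaluated as mod_ssl does: the set starts empty,
# a bare token replaces it, "+" adds to it, "-" removes from it.
# Assumption: "all" expands to every protocol, including SSLv2/SSLv3.

audit_sslprotocol() {   # reads config text on stdin
    awk '
    BEGIN { n = split("SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2", known, " ") }
    tolower($1) == "sslprotocol" {          # commented-out lines never match
        seen = 1
        for (i = 1; i <= n; i++) on[i] = 0
        for (f = 2; f <= NF; f++) {
            tok = tolower($f); act = ""
            if (tok ~ /^[+-]/) { act = substr(tok, 1, 1); tok = substr(tok, 2) }
            for (i = 1; i <= n; i++) {
                hit = (tok == "all" || tok == tolower(known[i]))
                if (act == "") {
                    on[i] = hit             # bare token replaces the whole set
                } else if (hit) {
                    on[i] = (act == "+")    # +/- change only the named protocol
                }
            }
        }
        out = ""
        for (i = 1; i <= n; i++) if (on[i]) out = out " " known[i]
        bad = (on[1] || on[2])              # SSLv2 or SSLv3 still enabled
        if (bad) weak = 1
        printf "line %d: %s:%s\n", NR, (bad ? "WEAK" : "ok"), out
    }
    END {
        if (!seen) { print "no active SSLProtocol directive"; exit 2 }
        exit (weak ? 1 : 0)
    }'
}

# Constructed sample inputs (hypothetical ssl.conf fragments).
sample_hardened() {
    printf '%s\n' '# Disable SSL access by default' \
                  'SSLProtocol -ALL -SSLv2 -SSLv3 +TLSv1'
}
sample_weak() {
    printf '%s\n' '#SSLProtocol -ALL +TLSv1' 'SSLProtocol all -SSLv2'
}

sample_hardened | audit_sslprotocol || echo "exit status: $?"
sample_weak     | audit_sslprotocol || echo "exit status: $?"
```

Against a real file, run `audit_sslprotocol < /etc/httpd/conf.d/ssl.conf`; exit status 1 means a directive still enables SSLv2 or SSLv3, and 2 means no active directive was found, so the server default applies.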
While you are tightening up security, don’t forget to disable SSL in your web browsers as well!