How to protect against a POODLE attack

CentOS Aug 18, 2017

I'm going to show you how to disable SSL 3 on Apache httpd (CentOS).  You will need sudo permission to execute the statements. Please check  out my post "POODLE attack - SSL 3" if you don't know what a POODLE attack is.

How to disable SSL 3?

First open the file /etc/httpd/conf.d/ssl.conf and find the section which start with

# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2

Change the statement to

SSLProtocol all -SSLv2 -SSLv3

This will disable the SSL protocol for your server. With this set, you have to restart the httpd daemon:

apachectl restart


systemctl restart httpd

You can now check on what protocols your web server supports.

Your result should look similar to this:

ssllabs result

Please comment below, if you have any questions.

Tested on:

  • OS: CentOS 7
  • Web server: Apache httpd 2.4.6




Howdy! I'm Stefan and I am the main author of this blog. If you want know more, you can check out the 'About me' page.

Impressum | Data Privacy Policy | Disclaimer
Copyright: The content is copyrighted and may not be reproduced on other websites without permission.