How to protect against a POODLE attack

CentOS Aug 18, 2017

I'm going to show you how to disable SSL 3 on Apache httpd (CentOS). You will need sudo permission to execute the statements. Please check out my post "POODLE attack - SSL 3" if you don't know what a POODLE attack is.

How to disable SSL 3?

First open the file /etc/httpd/conf.d/ssl.conf and find the section which start with

# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2

Change the statement to

SSLProtocol all -SSLv2 -SSLv3

This will disable the SSL protocol for your server. With this set, you have to restart the httpd daemon:

apachectl restart

OR

systemctl restart httpd

You can now check on https://www.ssllabs.com/ssltest/ what protocols your web server supports.

Your result should look similar to this:

ssllabs result

Please comment below, if you have any questions.

Tested on:

OS: CentOS 7
Web server: Apache httpd 2.4.6

Credits:

Post photo by Philipp Katzenberger on Unsplash

Tags

Stefan

Howdy! I'm Stefan and I am the main author of this blog. If you want know more, you can check out the 'About me' page.

Recommended for you

Linux

Change validation challenge Certbot (ACME TLS-SNI-01 to HTTP-01)

5 years ago • 1 min read

How to use Let's Encrypt (Certbot) - Apache/Nginx

5 years ago • 1 min read

Java

Automatically Restart SpringBoot on Error

5 years ago • 1 min read

Impressum | Data Privacy Policy | Disclaimer
Copyright: The content is copyrighted and may not be reproduced on other websites without permission.