Apache: How to Disable the SSL v3 Protocol on Debian

To prevent the POODLE (“Padding Oracle On Downgraded Legacy Encryption”) attack, a man-in-the-middle exploit that takes advantage of a vulnerability in SSL 3.0, you need to disable SSLv3 in your web server configuration.

To check whether you are vulnerable to this attack, you can use the form on the following website:

https://www.digicert.com/help/

Open the following file in your favorite editor:

/etc/apache2/mods-available/ssl.conf

Change the line:

SSLProtocol all -SSLv2

to:

SSLProtocol all -SSLv2 -SSLv3

Then restart Apache with:

/etc/init.d/apache2 restart

or

apachectl -k restart

Then use the site again to check that you have configured everything correctly.
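
A local check to complement the online test, as an added example that is not part of the original post: the hypothetical shell function `check_sslv3` scans Apache configuration files and reports every SSLProtocol line that still leaves SSLv3 enabled. It assumes a simplified model in which only the tokens `all`, `SSLv3`, `+SSLv3`, `-SSLv3` and `-all` change the SSLv3 state.

```shell
#!/bin/sh
# Added example: find SSLProtocol directives that still leave SSLv3 enabled.
# Assumption (simplified model): tokens are read left to right and only
# "all", "SSLv3", "+SSLv3", "-SSLv3" and "-all" change the SSLv3 state.

# check_sslv3 FILE...
# Prints "file:line: directive" for each offending line.
# Returns 1 if any offending line was found, 0 otherwise.
check_sslv3() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        tolower($1) == "sslprotocol" {           # directive names are case-insensitive
            on = 0
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                if (t == "all" || t == "+all" || t == "sslv3" || t == "+sslv3")
                    on = 1
                else if (t == "-sslv3" || t == "-all")
                    on = 0
            }
            if (on) { printf "%s:%d: %s\n", FILENAME, FNR, $0; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$@"
}

if [ "$#" -gt 0 ]; then
    # Real use: sh check_sslv3.sh /etc/apache2/mods-available/ssl.conf
    check_sslv3 "$@"
else
    # Constructed sample: the line before and after the change described above.
    tmp=$(mktemp)
    printf '%s\n' 'SSLProtocol all -SSLv2' > "$tmp"
    check_sslv3 "$tmp" || echo "SSLv3 still enabled"
    printf '%s\n' 'SSLProtocol all -SSLv2 -SSLv3' > "$tmp"
    check_sslv3 "$tmp" && echo "SSLv3 disabled"
    rm -f "$tmp"
fi
```

Pass any virtual host files that set their own SSLProtocol as additional arguments, since the directive can also appear there.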
