How to Disable SSLv3 for Apache and Protect Your WHM/cPanel Server from POODLE

There’s a new POODLE in town, but unfortunately it’s not the kind of pooch you want around. POODLE stands for Padding Oracle ODowngraded Legacy Encryption. It’s an exploit that, although not considered to be as serious as Heartbleed, is one that should still be protected against. For more information read the Google Blog.

Fortunately, protecting your WHM/cPanel server is easy. Just follow the steps below:

 

Step 1: Navigate to the Include Editor


Login to WHM, open up the Apache Configuration screen, and click on Include Editor


Apache Configuration WHM


Step 2: Edit the Includes


Under Pre Main Include, select All Versions. This way your server will be protected if you change your version of Apache. When selected, enter the following into the text box for CentOS/RHEL 6.x:

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2


When selected, enter the following into the text box for CentOS/RHEL 5.x:

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1


…and then click Update. Once you click update, you’ll be prompted to restart Apache; do so at this time.


Apache Include Editor


Step 3: Verify!


To verify you’re covered, run the following command in a terminal as root:

openssl s_client -connect www.yourssldomain.com:443 -ssl3


You’ll know you’ve successfully disabled SSLv3 and protected yourself from the attack POODLE if you see a response similar to this:

CONNECTED(00000003)
140421693269648:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40
140421693269648:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:

  • 23 Users Found This Useful
Was this answer helpful?

Related Articles

How to List Compiled PHP Modules from Command Line

Pre-Flight Check These instructions are intended specifically for listing compiled PHP modules...

How to Install or Uninstall PECL Extensions

Pre-Flight Check These instructions are intended specifically for installing or uninstalling...

How to Install the MongoDB PHP Driver (Extension) on CentOS 6

Step 1: Setup Environment, Install PHP Extension & Application Repository (PEAR) As a matter...

How to Add a User and Grant Root Privileges on CentOS 6.5

Step 1: Add the User It’s just one simple command to add a user. In this case, we’re...

How to Add a User and Grant Root Privileges on Ubuntu 14.04

Step 1: Add the User It’s just one simple command to add a user. In this case, we’re...