
POODLE Vulnerability Fixes (Disable SSLv3 and SSLv2)





Introduction

POODLE is an attack on a server's SSLv3 protocol that is carried out via a man-in-the-middle attack. Any web-based service that uses this protocol can be compromised.

POODLE Fix For Apache And Nginx For Some Linux Flavors


Nginx Web Server



Example (Ubuntu): add a global setting to /etc/nginx/nginx.conf in the http block, or to each server block in /etc/nginx/sites-enabled.


Do the following:

sudo nano /etc/nginx/nginx.conf

Set the ssl_protocols directive to:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Restart the server:

sudo service nginx restart

Apache Web Server


Apache sets the allowed protocols with the SSLProtocol directive of the mod_ssl module.

Ubuntu:

sudo nano /etc/apache2/mods-available/ssl.conf

CentOS: if SSL is enabled, modify this file:

sudo nano /etc/httpd/conf.d/ssl.conf

Edit or create the SSLProtocol directive so that it excludes SSLv3 and SSLv2:

SSLProtocol all -SSLv3 -SSLv2

Save and close the file. Restart the service to enable your changes.

Restart the server:

Ubuntu: sudo service apache2 restart



CentOS: sudo service httpd restart
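
One way to check the edited files before restarting, as an added example that is not part of the original post: the hypothetical helper check_ssl_protocols reads a config on stdin and reports whether any ssl_protocols or SSLProtocol line still enables SSLv2 or SSLv3. It assumes Apache's "all" includes both old protocols and treats a bare protocol name like +name; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: flag ssl_protocols / SSLProtocol lines that leave SSLv2 or SSLv3 on.
# check_ssl_protocols is a hypothetical helper name, not an nginx or Apache tool.
# Reads config text on stdin. Returns 0 = no SSLv2/SSLv3, 1 = a directive enables
# one of them, 2 = no directive found (the server's built-in default applies).
check_ssl_protocols() {
    awk '
    function report() {
        if (v2 || v3) bad = 1
        printf "line %d: %s  %s\n", NR, ((v2 || v3) ? "WEAK" : "ok  "), line
    }
    { line = $0; sub(/#.*/, ""); gsub(/;/, " ") }   # drop comments and nginx ";"
    tolower($1) == "ssl_protocols" {                # nginx: plain allow-list
        seen = 1; v2 = 0; v3 = 0
        for (i = 2; i <= NF; i++) {
            t = tolower($i)
            if (t == "sslv2") v2 = 1
            if (t == "sslv3") v3 = 1
        }
        report()
    }
    tolower($1) == "sslprotocol" {                  # Apache: all, +X, -X tokens
        seen = 1; v2 = 0; v3 = 0
        for (i = 2; i <= NF; i++) {
            t = tolower($i); on = (t !~ /^-/)
            sub(/^[+-]/, "", t)
            # Assumption: "all" is treated as including SSLv2 and SSLv3,
            # and a bare protocol name is treated like +name.
            if (t == "all" || t == "sslv2") v2 = on
            if (t == "all" || t == "sslv3") v3 = on
        }
        report()
    }
    END { if (bad) exit 1; if (!seen) exit 2; exit 0 }
    '
}

# Constructed sample input (not taken from a real server).
fixed_conf='ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
SSLProtocol all -SSLv3 -SSLv2'
weak_conf='    SSLProtocol all -SSLv2   # SSLv3 still enabled'
empty_conf='listen 443 ssl;'

for conf in "$fixed_conf" "$weak_conf" "$empty_conf"; do
    rc=0
    printf '%s\n' "$conf" | check_ssl_protocols || rc=$?
    echo "exit status: $rc"
done
```

Run it as check_ssl_protocols < /etc/nginx/nginx.conf. It does not follow include directives, so run it on each file under /etc/nginx/sites-enabled as well.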








Created on: 10/17/14 1:34 PM
Last updated on: 2/12/15 1:18 PM
