POODLE Vulnerability Fixes (Disable SSLv3 and SSLv2)
Introduction
POODLE allows malicious attempts on a server's SSLv3 protocol via man in the middle attack. ?Anything web based that uses this protocol can be compromised.
POODLE Fix For Apache And Nginx For Some Linux Flavors
Nginx Web Server
Ex: Ubuntu, add a global setting to /etc/nginx/nginx.conf in the http block, or to each block in /etc/nginx/sites-enabled.
Do the following:
sudo nano /etc/nginx/nginx.conf
Set the ssl_protocols directive to:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Restart the server:
sudo service nginx restart
Apache Web Server
SSLProtocol directive in the mod_ssl module.
Ubuntu:
sudo nano /etc/apache2/mods-available/ssl.conf
if SSL is enabled, modify this file:
sudo nano /etc/httpd/conf.d/ssl.conf
Edit or create the SSLProtocol directive and exclude SSLv3
SSLProtocol all -SSLv3 -SSLv2
Save and close the file. Restart the service to enable your changes.
Restart the server:
Ubuntu: sudo service apache2 restart
CentOS: sudo service httpd restart
| Created on: |
Oct 17, 2014 |
| Last updated on: |
Apr 19, 2024 |
LEAVE A COMMENT
Your email address will not be published.
