POODLE Vulnerability Fixes (Disable SSLv3 and SSLv2)


POODLE allows a man-in-the-middle attacker to attack a server's SSLv3 protocol. Anything web-based that uses this protocol can be compromised.

POODLE Fix For Apache And Nginx For Some Linux Flavors

Nginx Web Server

Example (Ubuntu): add a global setting to /etc/nginx/nginx.conf in the http block, or to each server block in /etc/nginx/sites-enabled.

Do the following:

sudo nano /etc/nginx/nginx.conf

Set the ssl_protocols directive to:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Restart the server:

sudo service nginx restart

Apache Web Server

Apache sets the allowed protocols with the SSLProtocol directive in the mod_ssl module.

On Ubuntu, edit:

sudo nano /etc/apache2/mods-available/ssl.conf

On CentOS, if SSL is enabled, modify this file:

sudo nano /etc/httpd/conf.d/ssl.conf

Edit or create the SSLProtocol directive so that it excludes SSLv3 and SSLv2:

SSLProtocol all -SSLv3 -SSLv2

Save and close the file, then restart the server to enable your changes:

Ubuntu: sudo service apache2 restart

CentOS: sudo service httpd restart
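
To check that no edited file still permits the old protocols, the following added example (not part of the original article) scans a config file for nginx ssl_protocols and Apache SSLProtocol directives that leave SSLv2 or SSLv3 enabled. The function name, the sample file names and their contents are constructed for illustration, and the script assumes Apache's "all" keyword includes the legacy protocols.

```shell
# weak_protocol_lines FILE   (added example; helper name is hypothetical)
# Prints "LINE: directive" for every nginx ssl_protocols or Apache SSLProtocol
# directive that still permits SSLv2/SSLv3; returns 1 if any is found, else 0.
weak_protocol_lines() {
    awk '
    {
        sub(/#.*/, "")                  # strip comments
        gsub(/;/, " ")                  # nginx statement terminator
        d = tolower($1)
        if (d != "ssl_protocols" && d != "sslprotocol") next
        v2 = 0; v3 = 0
        for (i = 2; i <= NF; i++) {     # apply tokens left to right
            t = tolower($i)
            # Assumption: "all" is treated as enabling SSLv2 and SSLv3.
            if (t == "all")              { v2 = 1; v3 = 1 }
            else if (t == "-all")        { v2 = 0; v3 = 0 }
            else if (t == "-sslv3")      v3 = 0
            else if (t == "-sslv2")      v2 = 0
            else if (t ~ /^[+]?sslv3$/)  v3 = 1
            else if (t ~ /^[+]?sslv2$/)  v2 = 1
        }
        if (v2 || v3) { printf "%d: %s\n", NR, $0; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample configs (not taken from a real server).
sample_dir=$(mktemp -d)
cat > "$sample_dir/nginx_fixed.conf" <<'EOF'
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
cat > "$sample_dir/apache_weak.conf" <<'EOF'
# SSLProtocol all -SSLv3 -SSLv2
SSLProtocol all -SSLv2
EOF
cat > "$sample_dir/apache_fixed.conf" <<'EOF'
SSLProtocol all -SSLv3 -SSLv2
EOF

for f in "$sample_dir"/*.conf; do
    out=$(weak_protocol_lines "$f") && echo "OK   $f" || echo "WEAK $f -> $out"
done
```

On a real server, point the function at the files edited above, for example /etc/nginx/nginx.conf or /etc/apache2/mods-available/ssl.conf.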

Created on: Oct 17, 2014
Last updated on: Jul 12, 2024


