@ricog
Last active August 29, 2015 14:07
Disabling SSLv3 on HTTPS web servers

Info

Details, and where I ripped most of this from, are at: http://askubuntu.com/a/537197

Another reference with detailed explanation of the vulnerability: http://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability

Test

See if the server is vulnerable:

openssl s_client -connect <server>:<port> -ssl3

If the connection succeeds, the server accepts SSLv3 and is vulnerable. If SSLv3 is disabled, the command reports a handshake failure.
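
The check above as a script, added here as an example (not part of the original gist). It separates a real handshake failure from two cases that say nothing about the server: an OpenSSL client built without SSLv3 support, which rejects the -ssl3 option, and a connection that never reached the handshake. The function names, verdict labels and sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify `openssl s_client ... -ssl3` output read from stdin.
# Prints one of: vulnerable | safe | untestable | inconclusive
classify_sslv3() {
    out=$(cat)
    # Client built without SSLv3: the -ssl3 option is rejected, nothing was tested.
    if printf '%s\n' "$out" | grep -qi 'unknown option'; then
        echo untestable; return 0
    fi
    # s_client prints an SSL-Session block even when the handshake fails,
    # so require a negotiated cipher (a failed handshake shows "0000").
    proto=$(printf '%s\n' "$out" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
    cipher=$(printf '%s\n' "$out" | sed -n 's/^ *Cipher *: *//p' | head -n 1)
    if [ "$proto" = "SSLv3" ] && [ -n "$cipher" ] && [ "$cipher" != "0000" ]; then
        echo vulnerable; return 0
    fi
    if printf '%s\n' "$out" | grep -qi 'handshake failure'; then
        echo safe; return 0
    fi
    # Refused, timed out, DNS error, ...: no evidence either way.
    echo inconclusive
}

# Run the test command from this page against host ($1) and port ($2).
check_sslv3() {
    openssl s_client -connect "$1:$2" -ssl3 </dev/null 2>&1 | classify_sslv3
}

# Constructed sample outputs (abridged, not captured from a real server).
SAMPLE_ACCEPTED='CONNECTED(00000003)
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA'
SAMPLE_REJECTED='CONNECTED(00000003)
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000'
SAMPLE_NO_SSL3_CLIENT='s_client: Option unknown option -ssl3'
SAMPLE_REFUSED='connect: Connection refused
connect:errno=111'

# Usage: sh check_sslv3.sh <server> <port>
if [ "$#" -eq 2 ]; then
    check_sslv3 "$1" "$2"
fi
```

Only the "safe" verdict confirms that SSLv3 is off; "untestable" and "inconclusive" mean the check has to be repeated with a client that still supports SSLv3 or once the server is reachable.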

Fix Apache

If you're running Apache, just include the following line in your configuration among the other SSL directives:

SSLProtocol All -SSLv2 -SSLv3

Then check if the new configuration is correct (no typos etc.):

apachectl configtest

And restart the server, e.g.

sudo service apache2 restart

Fix Nginx

If you're running Nginx, just include the following line in your configuration among the other SSL directives:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

And restart the server, e.g.

sudo service nginx restart

Fix a Node.js server

Require the constants module and then disable SSLv3 in the options passed when creating the server. See the example at https://gist.github.com/3rd-Eden/715522f6950044da45d8
