We are getting mails from clients asking us to check for the POODLE vulnerability on their servers. To check this, run:
openssl s_client -connect ServerIP:443 -ssl3
If you get
CONNECTED(00000003)
140051818760008:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
140051818760008:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
then the server is not vulnerable to POODLE. If the command shows any other result, perform the steps below:
1. Go to
WHM » Home » Service Configuration » Apache Configuration » Global Configuration
Add:
SSL Cipher Suite: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL
After that:
2. Go to
Home » Service Configuration » Apache Configuration » Include Editor » Pre Main Include
Select all versions, then add the lines below (for CentOS/RHEL 6.x):
Code:
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
Select all versions, then add the lines below (for CentOS/RHEL 5.x):
Code:
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1
Then update.
This will resolve the issue.
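The check from the start of this post can be scripted for re-testing after the update. The following is an added example, not part of the original post: the names `classify_ssl3` and `check_host`, the verdict labels, and every sample output other than the handshake failure quoted above are constructed for illustration. It assumes that an OpenSSL client built without SSLv3 rejects the `-ssl3` flag with an "unknown option" message, in which case the result says nothing about the server.

```shell
#!/bin/sh
# Added example (not from the original post): classify the output of
#   openssl s_client -connect ServerIP:443 -ssl3
# Verdicts: sslv3-refused, sslv3-accepted, inconclusive (labels are hypothetical).

classify_ssl3() {
    out=$(cat)
    # Assumption: a client built without SSLv3 rejects the -ssl3 flag itself,
    # so no handshake was attempted and the server was never tested.
    if printf '%s\n' "$out" | grep -qi 'unknown option'; then
        echo inconclusive
    # The server answered the SSLv3 ClientHello with a fatal alert.
    elif printf '%s\n' "$out" | grep -Eq 'handshake failure|alert protocol version'; then
        echo sslv3-refused
    # A real cipher (anything but "(NONE)") means an SSLv3 session was set up.
    elif printf '%s\n' "$out" | grep 'Cipher is ' | grep -qv '(NONE)'; then
        echo sslv3-accepted
    else
        # Connection refused, timeout, DNS failure: nothing was learned.
        echo inconclusive
    fi
}

# check_host HOST [PORT]: run the post's command and classify the result.
check_host() {
    openssl s_client -connect "$1:${2:-443}" -ssl3 </dev/null 2>&1 | classify_ssl3
}

# Sample outputs. SAMPLE_REFUSED is the output quoted in the post; the others
# are constructed for this example.
SAMPLE_REFUSED='CONNECTED(00000003)
140051818760008:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
140051818760008:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:'
SAMPLE_ACCEPTED='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is AES256-SHA
    Protocol  : SSLv3'
SAMPLE_NO_SSL3_CLIENT='s_client: Unknown option: -ssl3'
SAMPLE_DOWN='connect: Connection refused
connect:errno=111'

for s in "$SAMPLE_REFUSED" "$SAMPLE_ACCEPTED" "$SAMPLE_NO_SSL3_CLIENT" "$SAMPLE_DOWN"; do
    printf '%s\n' "$s" | classify_ssl3
done
```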