Linux Administrator - Disable SSLv3 Protocol in Apache

Disable SSLv3 Protocol in Apache

I have charge of about a dozen old servers that are running various incarnations of the Apache web server. As part of some housekeeping, I was asked to make sure that none of them are using the SSLv3 protocol. I did a bit of Googling to see how to get this task done and came up with the following solution.

First, logged in via ssh as root, I looked for the relevant Apache configuration file:

grep -i -r "SSLEngine" /etc/httpd
grep -i -r "SSLEngine" /etc/apache
grep -i -r "SSLEngine" /etc/apache2

Once I found the correct configuration file on the server, I looked for the line:

SSLEngine On

Right below that, I added this line:

SSLProtocol all -SSLv2 -SSLv3

This tells the server to use all SSL protocols except the ones marked with a minus sign. Since SSLv2 also has problems, I added it to the command line.

The final task was restarting Apache.
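
With a dozen servers to cover, a scripted check of each configuration file found by the grep step saves reading every SSLProtocol line by eye. The following is an added example, not part of the original post; check_sslprotocol is a hypothetical helper name and the sample files it builds are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. check_sslprotocol is a
# hypothetical helper: it reads one Apache config file and prints
#   ok | weak | missing | no-ssl
# Tokens are applied left to right as mod_ssl does: +X adds, -X removes,
# and a bare name replaces the whole set.
check_sslprotocol() {
    awk '
    /^[ \t]*#/ { next }                        # ignore commented-out lines
    tolower($1) == "sslengine" && tolower($2) == "on" { engine = 1 }
    tolower($1) == "sslprotocol" {
        seen = 1; v2 = 0; v3 = 0
        for (i = 2; i <= NF; i++) {
            tok = tolower($i); sign = substr(tok, 1, 1)
            if (sign == "+" || sign == "-") { tok = substr(tok, 2) } else { sign = "" }
            if (sign == "") { v2 = 0; v3 = 0 }  # bare token resets the set
            on = (sign != "-")
            if (tok == "all" || tok == "sslv2") v2 = on
            if (tok == "all" || tok == "sslv3") v3 = on
        }
        if (v2 || v3) {                         # an old protocol survived
            weak = 1
            printf "%s:%d: %s\n", FILENAME, FNR, $0 > "/dev/stderr"
        }
    }
    END {
        if (!engine) { print "no-ssl";  exit 0 }
        if (!seen)   { print "missing"; exit 2 }  # built-in default applies
        if (weak)    { print "weak";    exit 1 }
        print "ok"
    }' "$1"
}

# Constructed sample configs (not from the original page) to exercise the check.
demo=$(mktemp -d)
printf 'SSLEngine On\nSSLProtocol all -SSLv2 -SSLv3\n' > "$demo/fixed.conf"
printf 'SSLEngine on\nSSLProtocol all -SSLv2\n'        > "$demo/weak.conf"
printf 'SSLEngine on\n'                                > "$demo/missing.conf"
for f in "$demo"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(check_sslprotocol "$f" 2>/dev/null)"
done
rm -rf "$demo"
```

A result of "missing" means SSLEngine is on but no SSLProtocol line was found in that file, so the protocol set comes from the Apache build's default or from another included file and should be checked by hand.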
