10-19-2014, 06:37 AM
(This post was last modified: 04-06-2020, 01:43 PM by DewlanceCTO.)
Hello,
If you are using a cPanel/WHM then immediately disable SSLv3 on your server because of SSLv3 is not anymore secure.
How to Disable SSLv3 on cPanel/Apache via SSH Command?
Type this command in your SSH Client:
Edit pre_main_global.conf file
Now copy and paste this code in this file.
Save file and exit then restart your apache server
How to test for poddle SSLv3 Attack?
How to Disable SSLv3 on Lighttpd or SolusVM Master Server?
Note: SolusVM use Lighttpd Webserver so we need to disable SSLv3 on SolusVM Master and Slave Server
Edit ligghttpd.conf file
Search ssl.engine code and enter this code before bracket close } and after "ssl.ca-file" line.
Here is example code:
and
[b]Restart lighttpd:[/b]
How to Disable SSLv3 on SolusVM Slave?
Edit ligghtpd.conf
nano /etc/lighttpd/lighttpd.conf
and enter this code at end of file.
Save file and restart lighttpd
service lighttpd restart
How to test that you are safe from poodle attack?
Visit https://www.ssllabs.com/ssltest/ and enter your Master SolusVM Website Address and click on test. If show SSLv3 is supported then it means your server is vulnerable for SSLv3 attack.
If you want to check your SolusVM Slave Server then you need to enter your slave server IP Address and ssl port number. Eg: https://12.3.4.5:port
How to Disable this in Lighttpd?
You can follow our SolusVM SSLv3 Tutorial because of SolusVM use Lighttpd Webserver however I am writing this tutorial for you so you can easily understand this.
Enter this command in your SSH Client
In lighttpd.conf enter this command in your $SERVER["socket"] == ":443" line but don't forget to enter this after { bracket start and before } bracket close line.
Here is example:
Save your file and then restart ligghtpd.
Note: "service ligghtpd restart" command works on CentOS but If you are using any other Operating system then you need to search in google on how to restart lighttpd on your xyz operating system
If you are using a cPanel/WHM then immediately disable SSLv3 on your server because of SSLv3 is not anymore secure.
How to Disable SSLv3 on cPanel/Apache via SSH Command?
Type this command in your SSH Client:
Quote:cd /usr/local/apache/conf/includes
Edit pre_main_global.conf file
Quote:nano pre_main_global.conf
Now copy and paste this code in this file.
Quote:SSLHonorCipherOrder On
SSLProtocol -All +TLSv1
Save file and exit then restart your apache server
Quote:service httpd restart
How to test for poddle SSLv3 Attack?
How to Disable SSLv3 on Lighttpd or SolusVM Master Server?
Note: SolusVM use Lighttpd Webserver so we need to disable SSLv3 on SolusVM Master and Slave Server
Edit ligghttpd.conf file
Quote:nano /etc/lighttpd/lighttpd.conf
Search ssl.engine code and enter this code before bracket close } and after "ssl.ca-file" line.
PHP Code:
#SSL Poddle v3 attack
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
Here is example code:
Quote:$SERVER["socket"] == "0.0.0.0:443" {
ssl.engine = "enable"
ssl.pemfile = "/usr/local/solusvm/ssl/solusvm.pem"
ssl.ca-file = "/usr/local/solusvm/ssl/solusvm.ca-bundle"
#SSL Poddle v3 attack
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}
and
Quote:#If any other custom port is listed then also you need to disable SSLv2,V3 on your custom port
$SERVER["socket"] == "0.0.0.0:customport" {
ssl.engine = "enable"
ssl.pemfile = "/usr/local/solusvm/ssl/solusvm.pem"
ssl.ca-file = "/usr/local/solusvm/ssl/solusvm.ca-bundle"
#SSL Poddle v3 attack
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}
[b]Restart lighttpd:[/b]
Quote:service lighttpd restart
How to Disable SSLv3 on SolusVM Slave?
Edit ligghtpd.conf
nano /etc/lighttpd/lighttpd.conf
and enter this code at end of file.
Quote:ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
Save file and restart lighttpd
service lighttpd restart
How to test that you are safe from poodle attack?
Visit https://www.ssllabs.com/ssltest/ and enter your Master SolusVM Website Address and click on test. If show SSLv3 is supported then it means your server is vulnerable for SSLv3 attack.
If you want to check your SolusVM Slave Server then you need to enter your slave server IP Address and ssl port number. Eg: https://12.3.4.5:port
How to Disable this in Lighttpd?
You can follow our SolusVM SSLv3 Tutorial because of SolusVM use Lighttpd Webserver however I am writing this tutorial for you so you can easily understand this.
Enter this command in your SSH Client
Quote:nano /etc/lighttpd/lighttpd.conf
In lighttpd.conf enter this command in your $SERVER["socket"] == ":443" line but don't forget to enter this after { bracket start and before } bracket close line.
Here is example:
Quote:$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = var.confdir + "/example.org.pem"
ssl.ca-file = var.confdir + "/example.org.bundle.crt"
server.name = var.confdir + "/example.org"
server.document-root = "/srv/html"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
Save your file and then restart ligghtpd.
Quote:service lighttpd restart
Note: "service ligghtpd restart" command works on CentOS but If you are using any other Operating system then you need to search in google on how to restart lighttpd on your xyz operating system