How to Disable SSLv3 on cPanel/Lighttpd/SolusVM/Lighttpd?

[dewlance]

Hello,

If you are using a cPanel/WHM then immediately disable SSLv3 on your server because of SSLv3 is not anymore secure.

How to Disable SSLv3 on cPanel/Apache via SSH Command?
Type this command in your SSH Client:

Quote:cd /usr/local/apache/conf/includes

Edit pre_main_global.conf file

Quote:nano pre_main_global.conf

Now copy and paste this code in this file.

Quote:SSLHonorCipherOrder On
SSLProtocol -All +TLSv1

Save file and exit then restart your apache server

Quote:service httpd restart

How to test for poddle SSLv3 Attack?


How to Disable SSLv3 on Lighttpd or SolusVM Master Server?
Note: SolusVM use Lighttpd Webserver so we need to disable SSLv3 on SolusVM Master and Slave Server

Edit ligghttpd.conf file

Quote:nano /etc/lighttpd/lighttpd.conf

Search ssl.engine code and enter this code before bracket close } and after "ssl.ca-file" line.

PHP Code:

#SSL Poddle v3 attack
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable" 


Here is example code:

Quote:$SERVER["socket"] == "0.0.0.0:443" {
ssl.engine = "enable"
ssl.pemfile = "/usr/local/solusvm/ssl/solusvm.pem"
ssl.ca-file = "/usr/local/solusvm/ssl/solusvm.ca-bundle"

#SSL Poddle v3 attack
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}

and

Quote:#If any other custom port is listed then also you need to disable SSLv2,V3 on your custom port
$SERVER["socket"] == "0.0.0.0:customport" {
ssl.engine = "enable"
ssl.pemfile = "/usr/local/solusvm/ssl/solusvm.pem"
ssl.ca-file = "/usr/local/solusvm/ssl/solusvm.ca-bundle"

#SSL Poddle v3 attack
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}

[b]Restart lighttpd:[/b]

Quote:service lighttpd restart

How to Disable SSLv3 on SolusVM Slave?

Edit ligghtpd.conf
nano /etc/lighttpd/lighttpd.conf

and enter this code at end of file.

Quote:ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"

Save file and restart lighttpd
service lighttpd restart


How to test that you are safe from poodle attack?
Visit https://www.ssllabs.com/ssltest/ and enter your Master SolusVM Website Address and click on test. If show SSLv3 is supported then it means your server is vulnerable for SSLv3 attack.

If you want to check your SolusVM Slave Server then you need to enter your slave server IP Address and ssl port number. Eg: https://12.3.4.5:port



How to Disable this in Lighttpd?
You can follow our SolusVM SSLv3 Tutorial because of SolusVM use Lighttpd Webserver however I am writing this tutorial for you so you can easily understand this.

Enter this command in your SSH Client

Quote:nano /etc/lighttpd/lighttpd.conf

In lighttpd.conf enter this command in your $SERVER["socket"] == ":443" line but don't forget to enter this after { bracket start and before } bracket close line.


Here is example:

Quote:$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = var.confdir + "/example.org.pem"
ssl.ca-file = var.confdir + "/example.org.bundle.crt"
server.name = var.confdir + "/example.org"
server.document-root = "/srv/html"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"

Save your file and then restart ligghtpd.

Quote:service lighttpd restart

Note: "service ligghtpd restart" command works on CentOS but If you are using any other Operating system then you need to search in google on how to restart lighttpd on your xyz operating system