How to Disable SSLv3 on cPanel/Lighttpd/SolusVM/Lighttpd?
|
10-19-2014, 06:37 AM,
(This post was last modified: 04-06-2020, 01:43 PM by dewlance.)
Post: #1
|
|||
|
|||
How to Disable SSLv3 on cPanel/Lighttpd/SolusVM/Lighttpd?
Hello,
If you are using a cPanel/WHM then immediately disable SSLv3 on your server because of SSLv3 is not anymore secure. How to Disable SSLv3 on cPanel/Apache via SSH Command? Type this command in your SSH Client: Quote:cd /usr/local/apache/conf/includes Edit pre_main_global.conf file Quote:nano pre_main_global.conf Now copy and paste this code in this file. Quote:SSLHonorCipherOrder On Save file and exit then restart your apache server Quote:service httpd restart How to test for poddle SSLv3 Attack? How to Disable SSLv3 on Lighttpd or SolusVM Master Server? Note: SolusVM use Lighttpd Webserver so we need to disable SSLv3 on SolusVM Master and Slave Server Edit ligghttpd.conf file Quote:nano /etc/lighttpd/lighttpd.conf Search ssl.engine code and enter this code before bracket close } and after "ssl.ca-file" line. PHP Code: #SSL Poddle v3 attack Here is example code: Quote:$SERVER["socket"] == "0.0.0.0:443" { and Quote:#If any other custom port is listed then also you need to disable SSLv2,V3 on your custom port [b]Restart lighttpd:[/b] Quote:service lighttpd restart How to Disable SSLv3 on SolusVM Slave? Edit ligghtpd.conf nano /etc/lighttpd/lighttpd.conf and enter this code at end of file. Quote:ssl.use-sslv2 = "disable" Save file and restart lighttpd service lighttpd restart How to test that you are safe from poodle attack? Visit https://www.ssllabs.com/ssltest/ and enter your Master SolusVM Website Address and click on test. If show SSLv3 is supported then it means your server is vulnerable for SSLv3 attack. If you want to check your SolusVM Slave Server then you need to enter your slave server IP Address and ssl port number. Eg: https://12.3.4.5:port How to Disable this in Lighttpd? You can follow our SolusVM SSLv3 Tutorial because of SolusVM use Lighttpd Webserver however I am writing this tutorial for you so you can easily understand this. Enter this command in your SSH Client Quote:nano /etc/lighttpd/lighttpd.conf In lighttpd.conf enter this command in your $SERVER["socket"] == ":443" line but don't forget to enter this after { bracket start and before } bracket close line. Here is example: Quote:$SERVER["socket"] == ":443" { Save your file and then restart ligghtpd. Quote:service lighttpd restart Note: "service ligghtpd restart" command works on CentOS but If you are using any other Operating system then you need to search in google on how to restart lighttpd on your xyz operating system Kunnu (Administrator) Dewlance.com - Best Web Hosting Create a Ticket |
|||
![]() |
Thread Search Tool
|