apache disable SSLv3

Notes on disabling SSLv3 in apache.

Test if SSLv3 is available. 
$ openssl s_client -connect ipduh.com:443 -ssl3


In Debian SSLv2 is disabled by default but SSLv3 is available. 

# grep SSLProtocol /etc/apache2/mods-available/ssl.conf
SSLProtocol all -SSLv2


To disable SSLv3 add '-SSLv3' in /etc/apache2/mods-available/ssl.conf 
# vi /etc/apache2/mods-available/ssl.conf


If you are using SSL Virtual Hosts you may need to add 
SSLProtocol All -SSLv2 -SSLv3
in each VirtualHost definition.

Restart Apache 
# /etc/init.d/apache2 restart


Test again if SSLv3 is disabled. 
$ openssl s_client -connect ipduh.com:443 -ssl3
CONNECTED(00000003)
140330958718632:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40
140330958718632:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:




apache disable SSLv3

Labels: , ,