
Disabling SSL 3.0 Support on Your Server (POODLE Configuration)

Due to a critical security vulnerability with SSL 3.0 (an 18-year-old, outdated technology), we recommend disabling it on your server. We have instructions on how to do that in the Updating section but recommend reading the entire document to understand the scope of what this does.

What does POODLE do?

In short, it's a way for attackers to compromise SSL certificates when they're on the same network as the target, if (and only if) the server the target is communicating with supports SSL 3.0.

Google has a lot more detail on their security blog here.

Does POODLE affect my server/sites?

Because POODLE is a vulnerability in SSL technology, it only impacts Websites using SSL certificates. If your server or your Websites don't use an SSL certificate, you don't need to update your server. However, we recommend doing it now in case you do end up installing an SSL certificate at a later date.

Updating

How you update your server depends on whether your server uses a Linux® distribution or Windows® and if it uses cPanel.

cPanel

cPanel requires slightly different steps from any other control panel/operating system configuration.

To Configure cPanel to Prevent POODLE Vulnerability on HTTP

  1. Log in to WHM (more info).
  2. In the Service Configuration section, click Apache Configuration.
  3. Click Include Editor.
  4. In the Pre Main Include section, from the Select an Apache Version menu, select All Versions.
  5. In the field that displays, type the following, depending on which version of CentOS you're using:
    CentOS Version      Type this...
    CentOS/RHEL 6.x     SSLHonorCipherOrder On
                        SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
    CentOS/RHEL 5.x     SSLHonorCipherOrder On
                        SSLProtocol -All +TLSv1

    If you encounter errors while applying this update, please review this forum post at cPanel that discusses potential fixes.

  6. Click Update.

Preventing POODLE on Other Protocols (FTP, etc.)

Right now, only servers using RHEL can protect themselves against POODLE on non-HTTPS protocols. They can do this by updating to the latest version of OpenSSL, and then implementing TLS_FALLBACK_SCSV.

Servers using CentOS do not yet have a known fix for the vulnerability on non-HTTPS protocols. However, we will update this article with those instructions as soon as we have them.

Linux (Apache)

Modify your Apache configuration to include the following line:

SSLProtocol All -SSLv2 -SSLv3

For more information on how to do that, view Apache's documentation.
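To confirm that a configuration really excludes SSL 3.0, the following added example (not part of the original article or of Apache) evaluates each SSLProtocol line the way the cPanel and Linux (Apache) directives above are written. It assumes a left-to-right model in which a bare name replaces the set, and it treats "All" as including SSLv3; the function names and the sample text are constructed for illustration.

```python
import re

# Assumption: "All" expands to every protocol below (conservative for an audit).
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
CANON = {p.lower(): p for p in KNOWN}
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right: '+X' adds, '-X' removes,
    and a bare name replaces whatever was enabled so far."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token[len(action):].lower()
        if name == "all":
            chosen = set(KNOWN)
        elif name in CANON:
            chosen = {CANON[name]}
        else:
            raise ValueError(f"unknown SSLProtocol argument: {token!r}")
        if action == "+":
            enabled |= chosen
        elif action == "-":
            enabled -= chosen
        else:
            enabled = chosen
    return enabled

def audit(config_text):
    """Return (line_no, args, allows_ssl3) for each uncommented SSLProtocol line."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        if match := DIRECTIVE.match(line):
            args = match.group(1)
            findings.append((line_no, args, "SSLv3" in effective_protocols(args)))
    return findings

# Constructed sample: this page's three directives, a comment, one weak line.
SAMPLE = """\
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLProtocol -All +TLSv1
SSLProtocol All -SSLv2 -SSLv3
# SSLProtocol All
SSLProtocol All -SSLv2
"""

if __name__ == "__main__":
    for line_no, args, weak in audit(SAMPLE):
        print(f"line {line_no}: {args} -> {'SSL 3.0 ENABLED' if weak else 'ok'}")
```

Pass the text of your Pre Main Include or Apache configuration file to audit(); any entry whose last field is True still permits SSL 3.0.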

Windows (IIS)

Modify your server's registry (which removes SSL 3.0 support from IIS) using Microsoft's document here. You can jump down to the Disable SSL 3.0 in Windows section.
