Your Guide to POODLE and WHM/cPanel
I. How to Disable SSLv3 for Apache and Protect Your WHM/cPanel Server from POODLE
II. How to Disable SSLv3 for Exim and Protect Your WHM/cPanel Server from POODLE
Step 1: Navigate to the Include Editor
Log in to WHM, open up the Apache Configuration screen, and click on Include Editor.
Step 2: Edit the Includes
Under Pre Main Include, select All Versions. This way your server will be protected if you change your version of Apache. When selected, enter the following into the text box for CentOS/RHEL 6.x:

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

When selected, enter the following into the text box for CentOS/RHEL 5.x:

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1

…and then click Update. Once you click update, you’ll be prompted to restart Apache; do so at this time.
Step 3: Verify!
To verify you’re covered, run the following command in a terminal as root:

openssl s_client -connect www.yourssldomain.com:443 -ssl3

You’ll know you’ve successfully disabled SSLv3 and protected yourself from the POODLE attack if you see a response similar to this:

CONNECTED(00000003)
140421693269648:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40
140421693269648:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:

Thank you to Jason Gillman for providing the information essential to this tutorial.
If you still need assistance with this problematic pooch, please contact our Heroic Support team!
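
Added example (not part of the original tutorial): a POSIX shell helper that classifies the output of the Step 3 command, so that a failure on the client side is not mistaken for a server that rejects SSLv3. It goes beyond the output shown in Step 3 by also recognising a protocol-version alert, a refused connection and OpenSSL clients that cannot offer SSLv3 at all. The function names, verdict strings, matched client error wordings and every sample other than the Step 3 output are assumptions constructed for illustration.

```shell
#!/bin/sh
# classify_ssl3_probe TEXT: print a verdict for the captured output of
#   openssl s_client -connect host:443 -ssl3 </dev/null 2>&1
classify_ssl3_probe() {
    probe_out=$1
    # has PATTERN: true if any line of the captured output matches (ERE, case-insensitive)
    has() { printf '%s\n' "$probe_out" | grep -Eqi -- "$1"; }

    if has 'unknown option|no protocols available'; then
        # The local openssl cannot offer SSLv3, so nothing was tested.
        # (Error wordings are assumed typical of builds without SSLv3.)
        echo client-lacks-sslv3
    elif ! has '^CONNECTED\('; then
        # TCP never connected: wrong host or port, firewall, service down.
        echo no-connection
    elif has 'Cipher is [^(]'; then
        # A cipher was negotiated, so the server still accepts SSLv3.
        echo sslv3-enabled
    elif has 'alert handshake failure|alert protocol version'; then
        # The server answered the SSLv3 hello with a fatal alert.
        echo sslv3-disabled
    else
        echo inconclusive
    fi
}

# probe_host HOST:PORT: run the Step 3 command and classify the result.
# Needs network access and an openssl binary; not exercised by the samples below.
probe_host() {
    classify_ssl3_probe "$(openssl s_client -connect "$1" -ssl3 </dev/null 2>&1)"
}

# Failure output as shown in Step 3 of the tutorial.
SAMPLE_DISABLED='CONNECTED(00000003)
140421693269648:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40
140421693269648:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:'
# Constructed samples (not captured from a real server or client).
SAMPLE_ENABLED='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is AES256-SHA'
SAMPLE_NO_CLIENT='s_client: Unknown option: -ssl3'
SAMPLE_REFUSED='connect: Connection refused'

for sample in "$SAMPLE_DISABLED" "$SAMPLE_ENABLED" "$SAMPLE_NO_CLIENT" "$SAMPLE_REFUSED"; do
    classify_ssl3_probe "$sample"
done
```

Only the sslv3-disabled verdict confirms the change from Step 2; a client-lacks-sslv3 or no-connection verdict means the check has to be repeated from a machine whose OpenSSL can still send an SSLv3 hello.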