
How to Disable SSLv3 for Apache To Protect Against POODLE

Your Guide to POODLE and WHM/cPanel
I. How to Disable SSLv3 for Apache and Protect Your WHM/cPanel Server from POODLE
II. How to Disable SSLv3 for Exim and Protect Your WHM/cPanel Server from POODLE

There’s a new POODLE in town, but unfortunately it’s not the kind of pooch you want around. POODLE stands for Padding Oracle On Downgraded Legacy Encryption. Although it is not considered to be as serious as Heartbleed, it is an exploit you should still protect against. For more information, read the Google Blog.

Fortunately, protecting your WHM/cPanel server is easy. Just follow the steps below:

Step 1: Navigate to the Include Editor

Log in to WHM, open the Apache Configuration screen, and click Include Editor.


Step 2: Edit the Includes

Under Pre Main Include, select All Versions so that your server stays protected if you change your version of Apache. Then, for CentOS/RHEL 6.x, enter the following into the text box:

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

For CentOS/RHEL 5.x, enter the following into the text box instead:

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1

…and then click Update. Once you click Update, you’ll be prompted to restart Apache; do so at this time.


Step 3: Verify!

To verify you’re covered, run the following command in a terminal as root:

openssl s_client -connect www.yourssldomain.com:443 -ssl3

You’ll know you’ve successfully disabled SSLv3 and protected yourself from the POODLE attack if you see a response similar to this:

CONNECTED(00000003)
140421693269648:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40
140421693269648:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
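
The Step 3 check can be scripted. The following is an added example, not part of the original tutorial: it classifies the s_client response and also covers a local OpenSSL build that no longer accepts the -ssl3 flag. The function names and the two constructed sample outputs are assumptions; the refused sample is the response shown above.

```shell
#!/bin/sh
# Added example (not from the original article): interpret the Step 3 probe.

# classify_probe reads `openssl s_client` output on stdin and prints one of:
#   refused     - server rejected the handshake (the goal for SSLv3)
#   accepted    - a cipher was negotiated, so the protocol is still enabled
#   unsupported - the local openssl build does not have the protocol flag
#   unknown     - anything else (DNS failure, timeout, connection refused)
classify_probe() {
    probe_out=$(cat)
    case "$probe_out" in
        *"unknown option"*|*"Unknown option"*) echo unsupported ;;
        *"alert handshake failure"*|*"alert protocol version"*) echo refused ;;
        *"Cipher is "[A-Z0-9]*) echo accepted ;;
        *) echo unknown ;;
    esac
}

# probe HOST FLAG: run one handshake attempt and classify it.
probe() {
    openssl s_client -connect "$1:443" "$2" </dev/null 2>&1 | classify_probe
}

# audit_host HOST: SSLv3 must be refused; the TLS versions enabled by the
# CentOS/RHEL 6.x include should still be accepted.
# Usage: audit_host www.yourssldomain.com
audit_host() {
    for flag in -ssl3 -tls1 -tls1_1 -tls1_2; do
        printf '%-8s %s\n' "$flag" "$(probe "$1" "$flag")"
    done
}

# Sample outputs. SAMPLE_REFUSED is the response shown in Step 3; the other
# two are constructed for illustration and their wording varies by OpenSSL version.
SAMPLE_REFUSED='CONNECTED(00000003)
140421693269648:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1275:SSL alert number 40
140421693269648:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:'
SAMPLE_ACCEPTED='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is AES256-SHA
    Protocol  : SSLv3
    Cipher    : AES256-SHA'
SAMPLE_UNSUPPORTED='s_client: Option unknown option -ssl3'
```

An "unsupported" result means the probe never reached the server, so it says nothing about the server's configuration; run the check from a machine whose OpenSSL still has SSLv3 support.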

Thank you to Jason Gillman for providing the information essential to this tutorial. If you still need assistance with this problematic pooch, please contact our Heroic Support team!

About the Author: J. Mays

As a previous contributor, JMays shares his insight with our Knowledge Base center. In our Knowledge Base, you'll be able to find how-to articles on Ubuntu, CentOS, Fedora and much more!
