Wednesday, 9 September 2015

How can I disable SSLv3 (Poodle) on my cPanel/WHM Server?

To disable SSLv3 (the protocol affected by what is commonly referred to as the POODLE vulnerability) in cPanel/WHM, follow these steps:

1) Visit your server's WHM Panel ( https://<yourserversip>:2087 )

2) Navigate to the Apache Configuration Panel of WHM.

3) Scroll down to the 'Include Editor' section of the Apache Configuration.

4) Click 'Pre Main Include', which will jump to the corresponding section. Via the drop-down selector, choose 'All Versions'.

5) An empty dialog box will appear allowing you to input the needed configuration updates. In this box, copy and paste the following:

SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

6) Check to make sure the added text is correct and click the Update button to proceed.

7) You will receive confirmation that the includes were updated and be prompted to restart Apache. The settings will not take effect until you click Restart Apache.

8) You will then see two pages, one showing the status of the restart and one confirming the restart was successful.

9) That's it! Settings are updated and you're Poodle-Free!
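
Why the line from step 5 turns SSLv3 off: mod_ssl reads the SSLProtocol arguments left to right, so -All clears the set and the +TLSv1 entries add back only TLS. The script below is an added example, not part of the original article or of cPanel's tooling; the function names are hypothetical, and it assumes 'all' stands for SSLv3 plus TLSv1 through TLSv1.2 (a build that still has SSLv3).

```shell
#!/bin/sh
# Added example: model how SSLProtocol arguments are folded left to right.
# Assumption: "all" means SSLv3 TLSv1 TLSv1.1 TLSv1.2 (a build that still has SSLv3).

# effective_protocols "<SSLProtocol arguments>" -> prints the resulting protocol set
effective_protocols() {
    s3=0 t10=0 t11=0 t12=0
    for tok in $1; do
        case $tok in
            -*) act=0 name=${tok#-} ;;
            +*) act=1 name=${tok#+} ;;
            *)  # a bare name replaces whatever was set before it
                s3=0 t10=0 t11=0 t12=0 act=1 name=$tok ;;
        esac
        case $(printf '%s' "$name" | tr '[:upper:]' '[:lower:]') in
            all)     s3=$act t10=$act t11=$act t12=$act ;;
            sslv3)   s3=$act ;;
            tlsv1)   t10=$act ;;
            tlsv1.1) t11=$act ;;
            tlsv1.2) t12=$act ;;
            # SSLv2 is not tracked here: removing it is a no-op, enabling it is rejected
            sslv2)   if [ "$act" = 1 ]; then echo "SSLv2 not modelled" >&2; return 2; fi ;;
            *)       echo "unknown protocol: $name" >&2; return 2 ;;
        esac
    done
    out=""
    if [ "$s3" = 1 ];  then out="$out SSLv3"; fi
    if [ "$t10" = 1 ]; then out="$out TLSv1"; fi
    if [ "$t11" = 1 ]; then out="$out TLSv1.1"; fi
    if [ "$t12" = 1 ]; then out="$out TLSv1.2"; fi
    echo "${out# }"
}

# sslv3_enabled "<SSLProtocol arguments>" -> exit status 0 if SSLv3 is still on
sslv3_enabled() {
    case " $(effective_protocols "$1") " in
        *" SSLv3 "*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Optional: pass a config file path to check every SSLProtocol line in it.
if [ $# -gt 0 ]; then
    grep -i '^[[:space:]]*SSLProtocol[[:space:]]' "$1" | while read -r directive args; do
        if sslv3_enabled "$args"; then echo "SSLv3 ON : $args"; else echo "SSLv3 off: $args"; fi
    done
fi
```

Run it with the path of a saved copy of the include text as the only argument to get one verdict per SSLProtocol line.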

Confirm your site is Poodle-Free

1) Open an SSH terminal and copy/paste the following text (remember to replace yourssldomain.com):

openssl s_client -connect yourssldomain.com:443 -ssl3

2) You should see the following in your output:

sslv3 alert handshake failure

If you see that, SSLv3 is disabled.

This article is no longer accurate as of the most recent WHM updates. Please refer to:

https://documentation.cpanel.net/display/CKB/How+to+Adjust+Cipher+Protocols 
