ssl_poodle
To resolve poodle vulnerability please add the following to the virtual host:
#resolve poodle vulnerability
SSLHonorCipherOrder on
SSLProtocol ALL -SSLv2 -SSLv3
SSLCipherSuite EECDH+AESGCM:EECDH+AES256:EECDH+AES128:EECDH+3DES:EDH+AES:RSA+AESGCM:RSA+AES:RSA+3DES:!ECDSA:!NULL:!MD5:!DSS
And to allow this globally please add in the /etc/httpd/conf.d/ssl.conf file:
SSLProtocol -all -SSLv2 -SSLv3 +TLSv1
ssl_poodle.txt · Last modified: 2024/05/23 07:26 by 127.0.0.1