Patching for POODLE on your server – Disabling SSL 3.0

While we have fully disabled SSL 3.0 on all shared servers, VPS and dedicated customers have not been modified to prevent changes to any customer configurations that you may have. In this article, we will show you how to disable SSL 3.0 on your VPS or dedicated server.

Note: You must have root access to your server to make this change. If you do not have root access, you may submit a verified ticket to support and they will be happy to make these changes for you.

Disabling SSL 3.0 in Apache

  1. Log in as root via SSH.

  2. Copy your Apache template:

    cp /var/cpanel/templates/apache2/main.default /var/cpanel/templates/apache2/main.local

  3. Open your main.local file to line 56

    nano +56 /var/cpanel/templates/apache2/main.local

  4. Remove the following line:

    SSLProtocol [% main.sslprotocol.item.sslprotocol %]

  5. At around line 233, locate the line that looks like this:

    # SSLCipherSuite can be set in WHM under ‘Apache Global Configuration’
    [% IF main.sslciphersuite.item.sslciphersuite.length %]SSLCipherSuite [% main.sslciphersuite.item.sslciphersuite %][% END %]

  6. Remove the line below the comment and replace it with the following 2 lines:

    SSLProtocol All -SSLv2 -SSLv3
    SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

  7. Save the file by pressing Ctrl+X, and pressing Y to save your changes.

  8. Rebuild the Apache configuration with the following command:

    /scripts/rebuildhttpdconf

  9. Finally, restart Apache:

    service httpd restart

Thoughts on “Patching for POODLE on your server – Disabling SSL 3.0

  • First step to copy main.default to main.local should be preceded by a suggestion to first make a copy of main.local.  That way if something goes badly or main.local has customizations, there’s a handy backup.

    • Hello Jeff,

      That you for your input, I also agree with what you are saying and will be adding that bit to the article.

      Best Regards,
      TJ Edens

Leave a Reply