How to Disable SSLv3 on a VPS or Dedicated Server

The SSLv3 vulnerability is well known by now (here is an article about it). However, there is a good chance your Dedicated Server or VPS account still has SSLv3 enabled. Here is a guide on how to disable SSLv3 on a VPS or Dedicated Server via WHM.

After you log into WHM, go to the search bar in the top left and type apache.

Go to Apache Configuration.

Once on Apache Configuration, go to Global Configuration.

The first option on this page is SSL Cipher Suite.

Click the third option. In that text box, enter a cipher suite from this page. Use the ‘intermediate’ suite unless you have a specific need for ‘modern’ or ‘old’.

In the SSL/TLS Cipher Suite section, the default should be:

    All -SSLv2 -SSLv3

Make sure the setting is left on the default and that the default shows the value above.

Then scroll to the bottom and click save. WHM will ask whether you want to rebuild and restart Apache; go ahead and click the button.

Apache will get rebuilt and you’ll be good to go.

Here is a good reference article.

A nice way to test if SSLv3 is disabled.

You can also run this from the command line to test whether SSLv3 is disabled, substituting your own domain:

    curl -IL --sslv3 https://<your-domain>/

This should come back as:

    curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
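
A config-side check to go with the curl test: the script below is an added example (not from the original post or from cPanel) that evaluates every `SSLProtocol` directive in an Apache config the way mod_ssl reads it, so a virtual host that overrides the global `All -SSLv2 -SSLv3` value is caught. It assumes `all` includes SSLv3; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Evaluate SSLProtocol values left to right, as mod_ssl does: "+" adds,
# "-" removes, a bare name replaces the set. Assumption: "all" includes SSLv3.

# sslv3_state "VALUE" -> prints "enabled" or "disabled"
sslv3_state() {
    state=disabled
    set -f                                  # no globbing while word-splitting
    for tok in $1; do
        case $(printf '%s' "$tok" | tr 'A-Z' 'a-z') in
            +sslv3|+all|sslv3|all) state=enabled ;;
            -sslv3|-all)           state=disabled ;;
            [+-]*)                 ;;                 # other protocol toggled
            *)                     state=disabled ;;  # bare name replaces set
        esac
    done
    set +f
    printf '%s\n' "$state"
}

# audit_conf: reads Apache config text on stdin, reports every SSLProtocol
# directive, and returns 1 if any of them leaves SSLv3 enabled.
audit_conf() {
    rc=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f        # split the line into words
        [ $# -gt 0 ] || continue
        [ "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" = sslprotocol ] || continue
        shift
        s=$(sslv3_state "$*")
        printf 'line %d: SSLProtocol %s -> SSLv3 %s\n' "$n" "$*" "$s"
        [ "$s" = disabled ] || rc=1
    done
    return "$rc"
}

# Constructed sample config (not taken from a real server).
sample_conf() {
    cat <<'EOF'
# global value from the WHM setting
SSLProtocol All -SSLv2 -SSLv3
<VirtualHost *:443>
    SSLProtocol all -SSLv2
</VirtualHost>
EOF
}

sample_conf | audit_conf || echo "SSLv3 is still enabled by at least one directive"
```

To audit a real server, feed it the generated Apache config on stdin, for example `audit_conf < httpd.conf`.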