How to disable SSL3 in Nginx and Apache to prevent POODLE

Here is how to disable SSLv3 in apache and nginx.

Just for fun, before you do it, scan your site with this tool:

Qualys SSL Server Test (this one is much better. tinfoilhat was the first one i found that found poodle)

In apache, add to your apache config apache2.conf or security.conf:

SSLProtocol all -SSLv2 -SSLv3

In Nginx, add this to your HTTP block:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Now use to scan it again.


This entry was posted in Linux, nginx, SSL. Bookmark the permalink.

Comments are closed.