How to remove SSLv3 support?
The SSL Server Test service shows that there is a vulnerability:
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
with the following nginx settings for the server:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
openssl s_client -connect bpsimulator.com:443 -ssl3
What is your OS?
On any modern OS, Nginx has long been updated with a secure default config. Remove all three quoted parameters from the virtual host - the system ones will start to be used, which (provided that you did not change them, otherwise reinstall the package) will be safe.
If the config says ssl_protocols TLSv1 TLSv1.1 TLSv1.2; then ssl3 is disabled. Period.
Most likely, you just did not reload the config (sudo service nginx reload). And if you rebooted, then, probably, there are errors in the config and it was not applied (check: sudo service nginx configtest).
Another option: you're checking incorrectly. Show what exactly the command outputs: openssl s_client -connect ... -ssl3
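An added example, not part of the original thread: a shell helper that lists every ssl_protocols directive in the configuration nginx actually loads (the dump printed by nginx -T) and flags any that still enable SSLv3, so a leftover directive in another included file is not missed. The sample dump and its file paths are constructed for illustration.

```shell
#!/bin/sh
# Audit an `nginx -T` dump for ssl_protocols directives.
# On a live host: sudo nginx -T 2>/dev/null | audit_ssl_protocols
# Prints one line per directive: VERDICT FILE:LINE DIRECTIVE
# Returns 1 if any directive enables SSLv3, 0 otherwise.

audit_ssl_protocols() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }

    # nginx -T prefixes the content of each loaded file with this marker
    /^# configuration file / { file = $4; sub(/:$/, "", file); line = 0; next }

    # count lines per file and drop comments (naive: ignores "#" in quotes)
    { line++; sub(/[ \t]*#.*$/, "") }

    /(^|[ \t;{])ssl_protocols[ \t]/ {
      seen++
      verdict = (tolower($0) ~ /sslv3/) ? "ENABLES_SSLv3" : "ok"
      if (verdict != "ok") bad++
      printf "%s %s:%d %s\n", verdict, file, line, trim($0)
    }

    END {
      # no directive at all: the built-in default applies, and that
      # default depends on the nginx version installed
      if (!seen) print "NO_DIRECTIVE built-in default applies"
      exit (bad > 0)
    }
  '
}

# Constructed sample dump (not from the thread): the virtual host is
# correct, but an http-level directive in nginx.conf still lists SSLv3.
SAMPLE_DUMP='# configuration file /etc/nginx/nginx.conf:
http {
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    include /etc/nginx/sites-enabled/*;
}
# configuration file /etc/nginx/sites-enabled/example:
server {
    listen 443 ssl;
    # ssl_protocols SSLv3;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}'

printf '%s\n' "$SAMPLE_DUMP" | audit_ssl_protocols || true
```

Any line reported as ENABLES_SSLv3 needs editing, followed by the configtest and reload steps from the answer above.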