Secure your cPanel servers against the POODLE vulnerability.

On October 14, 2014, Google discovered a vulnerability in SSL V3.0 called POODLE that allows an attacker to capture encrypted data in plain text using a man-in-the-middle attack. To secure your servers against this bug, you have to disable support for SSL V3.0 on your servers.

Apache:

  1. Go to WHM >> Service Configuration >> Apache Configuration >> Global Configuration.
  2. The "SSL/TLS Cipher Suite" field should contain All -SSLv2 -SSLv3
  3. Save and rebuild Apache configuration.


Dovecot:

  1. WHM >> Service Configuration >> Mailserver Configuration.
  2. The "SSL Protocols" field should contain !SSLv2 !SSLv3
  3. Click Save at the bottom of the page.


Exim:

  1. WHM >> Service Configuration >> Exim Configuration Manager.
  2. Under the Advanced Editor tab, look for 'openssl_options'.
  3. Make sure the field contains +no_sslv2 +no_sslv3
  4. Click Save at the bottom of the page.


Cpsrvd:

  1. WHM >> Service Configuration >> Web Services Configuration.
  2. Make sure that the "TLS/SSL Protocols" field contains SSLv23:!SSLv2:!SSLv3
  3. Click the Save button.

Cpdavd:

  1. WHM >> Service Configuration >> cPanel Web Disk Configuration.
  2. Make sure that the "TLS/SSL Protocols" field contains SSLv23:!SSLv2:!SSLv3
  3. Click the Save button.


To test whether your server is vulnerable to POODLE, run the following command:

openssl s_client -connect example.com:443 -ssl3

Make sure to replace example.com with your domain or IP address.

If the output looks like the following, then your server is not vulnerable and is safe from the bug, as it does not support SSL V3.0:

routines:SSL3_READ_BYTES:sslv3 alert handshake failure
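
The command above tests only port 443, while the steps in this article change five services. The script below is an added example, not part of the original article: it repeats the same -ssl3 probe on each service's TLS port and classifies the output. The port list (the usual cPanel defaults) and the function names are assumptions, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: run the -ssl3 probe against each TLS port and classify the result.
# Ports are the usual cPanel defaults (an assumption; the article lists none):
# 443 Apache, 993/995 Dovecot, 465 Exim, 2083/2087/2096 cpsrvd, 2078 cpdavd.
PORTS="443 993 995 465 2083 2087 2096 2078"

# Read `openssl s_client` output on stdin and print one verdict.
classify_ssl3() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -Eq 'alert handshake failure|alert protocol version'; then
        echo "disabled"      # server refused the SSLv3 handshake
    elif printf '%s\n' "$out" | grep -Eq '^ *Protocol *: *SSLv3' &&
         printf '%s\n' "$out" | grep -E '^ *Cipher *:' | grep -vq ': *0000'; then
        echo "ENABLED"       # an SSLv3 session with a real cipher was negotiated
    else
        echo "unknown"       # no connection, or local openssl cannot speak SSLv3
    fi
}

# Probe every port on host $1 (needs network access and an SSLv3-capable openssl).
scan_host() {
    for port in $PORTS; do
        verdict=$(openssl s_client -connect "$1:$port" -ssl3 </dev/null 2>&1 | classify_ssl3)
        printf '%-5s SSLv3 %s\n' "$port" "$verdict"
    done
}

# Constructed, abridged samples of s_client output (not captured from a real host).
sample_refused() {
    printf '%s\n' 'error:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure' \
        '    Protocol  : SSLv3' '    Cipher    : 0000'
}
sample_accepted() {
    printf '%s\n' 'CONNECTED(00000003)' '    Protocol  : SSLv3' '    Cipher    : AES256-SHA'
}
sample_no_ssl3_client() {
    printf '%s\n' 's_client: Unknown option: -ssl3'
}

if [ "$#" -gt 0 ]; then
    scan_host "$1"
else
    for s in sample_refused sample_accepted sample_no_ssl3_client; do
        printf '%-22s -> %s\n' "$s" "$($s | classify_ssl3)"
    done
fi
```

Pass the host name as the first argument to scan a server; with no argument the script only classifies the embedded samples. An "unknown" verdict on every port usually means the local OpenSSL build was compiled without SSLv3 and rejects -ssl3 itself, which says nothing about the server.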


A simple way to check for POODLE on your server is to use the Qualys SSL Test.
Enter your domain name and click submit. You will get a detailed summary of your website and which protocols are supported.

To disable SSL V3.0 in your browser click here.
