POODLE Attack
Jump to navigation
Jump to search
Internal
External
- https://community.qualys.com/blogs/securitylabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack
- https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/
Overview
Disable SSL3 on Apache httpd
To disable SSLv3 on httpd modify the SSLProtocol directive at the top level in ssl.conf:
SSLProtocol All -SSLv2 -SSLv3
This will give you support for TLSv1.0, TLSv1.1 and TLSv1.2, but explicitly removes support for SSLv2 and SSLv3.