Disable SSLv2 and SSLv3 in Apache

As we always disable SSLv2 in Apache. Now it is SSLv3 turn. The recent news about the SSL 3 vulnerability is so important that I have to disable it as well.

So just modify the ssl.conf of Apache

[ssh]SSLProtocol All -SSLv2 -SSLv3[/ssh]

The web site still has TLS 1.0, TLS 1.1 and TLS 1.2. For most of the browser working on the users computer, TLS is good enough. The only exception is IE 6.0 on Windows XP.

I am not worrying about it. Just forget the users who are still using IE 6.

Refer to Security Labs article.

Share on Facebook

Tweet

Related posts:

How to Disable ETags in Apache httpd.conf Reduce memory usage of Apache on Centos server Some issues when I use SSL on web server Apache Disable Trackback sitewide Disable your WiFi WPS, security vulnerability found Apache requirement for WordPress Pretty URL Apache OpenOffice 4.1.3 Release