To avoid server hacking attempts, it is necessary to disable SSLv3 on servers. SSLv3 is an insecure method of data transmission between servers. This is why sensitive server data may be compromised. This article will teach you how to disable SSLv3 in some of today's most popular software applications.
1. How to disable SSLv3 in Linux.
To turn off SSLv3, change the Protocol setting in the Apache configuration file. After that, the service must be restarted for the changes to take effect.
CentOS:
Add the following line in the file /etc/httpd/conf.d/ssl.conf:
SSLProtocol All -SSLv2 -SSLv3
After you have completed, save your work, and restart your server with this instruction:
systemctl restart httpd
Ubuntu or Debian:
Make the following modifications as root user in the file /etc/apache2/mods-available/ssl.conf
SSLProtocol All -SSLv2 -SSLv3
After you have completed, save your work, and restart your server with this instruction:
systemctl restart httpd
2. Disabling SSLv3 on Postfix.
Only when SSL is required does Postfix need adjustments. All email traffic is SSLv3 encrypted in this mode. In the file /etc/postfix/main.cf, add or modify the following configuration parameters:
smtpd_tls_protocols=!SSLv2,!SSLv3
After you have finished, save your work, and restart your server by following this step:
systemctl restart postfix
3. Disabling SSLv3 on Dovecot.
To block vulnerable protocols, we will need to make similar changes to Dovecot's settings. Add the following line to /etc/dovecot/local.conf:
ssl_protocols = !SSLv2 !SSLv3
If you are using an older version of Dovecot than 2.1, upgrade first, then follow the steps above. After you have finished, save your work, and restart your server by following the step below:
systemctl restart dovecot
4. Disabling SSLv3 on Nginx.
We need to modify the configuration file of another common web server, NGINX. Add the following line in the file /etc/nginx:
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
After you have finished, save your work, and restart your server by following this step:
systemctl restart nginx
5. Disabling SSLv3 on Exim.
When managing emails, the Exim mail server also implements secure methods. This is why SSLv3 must also be disabled in Exim. Add or modify the following parameter in the Exim configuration file at /etc/exim.conf to turn off SSLv3 completely:
ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP
After you have finished, save your work, and restart your server.
The WHM panel can be used to make the same modifications on cPanel servers.
WHM >> Service Configuration >> Exim Configuration Manager → Advanced Editor.
Comments
Article is closed for comments.