What is the POODLE Vulnerability?
On October 14th, 2014, a vulnerability in version 3 of the SSL encryption protocol was disclosed. This vulnerability, dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker to read information encrypted with this version of the protocol in plain text using a man-in-the-middle attack.
Although SSLv3 is an older version of the protocol which is mainly obsolete, many pieces of software still fall back on SSLv3 if better encryption options are not available. More importantly, it is possible for an attacker to force SSLv3 connections if it is an available alternative for both participants attempting a connection.
How To Disable SSLv3 to protect your server
Nginx Web Server
To disable SSLv3 in the Nginx web server, you can use the ssl_protocols directive. This will be located in the server or http blocks in your configuration.
For instance, on Ubuntu, you can either add this globally to /etc/nginx/nginx.conf inside of the httpblock, or to each server block in the /etc/nginx/sites-enabled directory.
sudo nano /etc/nginx/nginx.conf
To disable SSLv3, your ssl_protocols directive should be set like this:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Navigate to WHM » Service Configuration » Apache Configuration » Include Editor » Pre Main Include
SSLProtocol All -SSLv2 -SSLv3 SSLCipherSuite EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+ SSLHonorCipherOrder on
save and then restart the Apache