How to Fix the Poodle Vulnerability by Disabling SSLv3 in cPanel, Apache, Exim, and Dovecot


Apache

Log in to WHM → Service Configuration → Apache Configuration → Global Configuration → SSL Cipher Suite

Switch to a Custom Cipher Suite with the toggle button, then change the line to the following:

All -SSLv2 -SSLv3

Click Save, then click to Rebuild and Restart Apache.



Or

Log in to SSH.

Using the text editor of your choice, edit the file /var/cpanel/conf/apache/local and add the following to it under the sslciphersuite entry:

 "sslprotocol":
   "item":
     "sslprotocol": 'All -SSLv2 -SSLv3'

Then run the following commands:

/scripts/rebuildhttpdconf

service httpd restart
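
To confirm the rebuild took effect, the following added example (not part of the original guide and not cPanel's code) scans a configuration for SSLProtocol lines that still leave SSLv3 enabled, including a virtual host that overrides the global setting. The function names and sample configuration are constructed for illustration, and the token handling assumes mod_ssl's behaviour as described in the comments.

```shell
# Added example, not cPanel's code. Assumes mod_ssl's SSLProtocol handling:
# "+X" adds, "-X" removes, a bare token replaces the set, and "all" includes
# SSLv3 (true for the 2014-era builds this page targets).

# Exit status 0 if the SSLProtocol argument string $1 leaves SSLv3 enabled.
sslprotocol_allows_sslv3() {
    v3=0
    set -f                                   # no glob expansion while splitting
    for tok in $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); do
        case "$tok" in
            -all|-sslv3) v3=0 ;;
            +all|+sslv3) v3=1 ;;
            [-+]*)       ;;                  # another protocol added or removed
            all|sslv3)   v3=1 ;;             # bare token replaces the whole set
            *)           v3=0 ;;
        esac
    done
    set +f
    [ "$v3" -eq 1 ]
}

# List SSLProtocol lines on stdin that leave SSLv3 enabled; status 0 if none.
audit_sslprotocol() {
    bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f         # split the line into words
        [ $# -ge 2 ] || continue
        directive=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
        [ "$directive" = sslprotocol ] || continue
        shift
        if sslprotocol_allows_sslv3 "$*"; then
            printf 'line %s: SSLv3 still enabled: %s\n' "$n" "$line"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: a global setting plus a vhost override (not a real server).
sample_conf() {
    printf '%s\n' 'SSLProtocol All -SSLv2 -SSLv3' '<VirtualHost 192.0.2.10:443>' \
        '  SSLProtocol all -SSLv2' '</VirtualHost>' '# SSLProtocol all'
}

# Demo on the constructed sample; on a server, redirect the rebuilt httpd.conf in.
sample_conf | audit_sslprotocol || echo "SSLv3 is still enabled by the lines above"
```

The audit only reads the configuration text; the external test in the Testing section still confirms what the running services actually negotiate.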


cPanel

Log in to WHM → Service Configuration → cPanel Web Services Configuration and change the SSL/TLS Protocols to:

SSLv23:!SSLv2:!SSLv3



Dovecot/Courier

Log in to WHM → Service Configuration → Mailserver Configuration.

Change the SSL Protocols to:

!SSLv2 !SSLv3

Click the Save Changes button.



Exim

Log in to WHM → Service Configuration → Exim Configuration Manager → Advanced Editor

Change the following in tls_require_ciphers:

ALL:-SSLv3:RC4:-SSLv2:!ADH:+HIGH:+MEDIUM:-LOW:-EXP

Click the Save button.

Notes

Please note that for both Dovecot/Courier and Exim above, the suggested cipher lists will NOT disable all SSLv3 support, but only disable the ciphers that use CBC, so some SSLv3 support is still available.

It is possible to completely disable SSLv3 support on these service ports with the following cipher list:

ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP

Completely disabling SSLv3 ciphers on the above service ports greatly limits browser compatibility and prevents connections from all but a few modern browsers such as Google Chrome.

Testing

Test your server here: http://poodlebleed.com/