How to Fix the Poodle Vulnerability by Disabling SSLv3 in cPanel, Apache, Exim, and Dovecot


Log in to WHM → Service Configuration → Apache Configuration → Global Configuration → SSL Cipher Suite

Change to a Custom Cipher Suite with the toggle button then change the line to be the following:

All -SSLv2 -SSLv3

Click Save then Click to Rebuild and Restart Apache.


Log in to SSH.

Using the text editor of your choice, edit the file /var/cpanel/conf/apache/local and add the following to it under the sslciphersuite

     "sslprotocol": 'All -SSLv2 -SSLv3'

The then run the following commands:


service httpd restart


Log in to WHM → Service Configuration → cPanel Web Services Configuration and change the SSL/TLS Protocols to:



Log in to WHM → Service Configuration → Mailserver Configuration.

Change the SSL Protocols to:

!SSlv2 !SSLv3

Click the Save Changes button.


Log in to WHM → Service Configuration → Exim Configuration Manager → Advanced Editor

Change the following in tls_require_ciphers:


Click the Save button.


Please note that for both Dovecot/Courier and Exim above, the suggested cipher lists will NOT disable all SSLv3 support, but only disable the ciphers that use CBC, so some SSLv3 support is still available.

It is possible to completely disable SSLv3 support on these service ports with the following cipher list:


Completely disabling SSLv3 ciphers on the above service ports greatly limits browser compatibility and prevents connections from all but a few modern browsers such as Google Chrome.


Test your server here