Secure HTTPS SSL

Your system may need to disable SSLv3 depending on your Apache configuration. It is also important to note that older versions of Internet Explorer or other web browsers may not have the TLS protocol enabled by default. If for example, you disable SSL versions 2.0 or 3.0, you will need the older versions of Internet Explorer to allow the TLS protocol so you can connect with your site.

How to Disable SSLv3 Protocol

Locate the SSL Protocol Configuration on your Apache server.

Type either of the following commands:

grep -i -r "SSLProtocol" /etc/apache2
or
grep -i -r "SSLProtocol" /etc/httpd

Here, /etc/apache2 and /etc/httpd are the base directory for an Apache installation.

There are different default base directories and installation layouts for Apache in different operating systems, so you may need to check that out depending on the OS you are using.

If the earlier command doesn’t find the “SSLProtocol” string, then look for SSLEngine by running one of the following two commands:

grep -i -r "SSLEngine" /etc/apache2
or
grep -i -r "SSLEngine" /etc/httpd

This command will output the available Virtual Hosts or your config file.

Changing the Virtual Host to move SSLv3

Open the config file/Virtual Host in which you are to disable SSLv3 protocol.

In the SSL protocol configuration, add or update the following lines: SSLProtocol all -SSLv2 -SSLv3

If you used the grep -i -r "SSLEngine" command, you will need to search for "SSLEngine On" and add SSLProtocol all -SSLv2 -SSLv3 in the line just below it.

Restart Apache.
To do this, type the following command and run:
apachectl -k restart

After that, you will have been able to disable the SSL v3 protocol successfully.
At this point, you can go on with your work.

Categories:

No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *