HostMonster Web Hosting Help
Disable SSLv3 on a VPS or Dedicated Server
Overview
This article will explain how to disable SSLv3 on a VPS or Dedicated server. This can help you avoid issues with vulnerabilities in SSLv3.
- What you need
- Open the Apache Settings
- Change the SSL Cipher and Protocol Settings
- Test the Configuration
What you need
To begin, you will need to be able to login into your WHM.
Note: If this is your first time logging into the WHM, you may see a page titled Feature Showcase. Click on Exit to WHM at the bottom of the page.
Once logged in, you will need to open the Apache settings.
Open the Apache settings
- Type Apache in the search bar at the top left of the WHM.
- In the search results, click on Apache Configuration.
Change the SSL Cipher and Protocol settings
- On the Apache Configuration page, click on Global Configuration.
- The first option should be SSL Cipher Suite. Select the 2nd option, then copy this text into the box:
ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH
- Under SSL/TLS Protocols, ensure the default setting, All -SSLv2 -SSLv3, is selected.
- Scroll to the bottom of the page and click the Save button.
- Click the Rebuild Configuration and Restart Apache button.
Note: After following these steps, it may be necessary to add "Options +FollowSymLinks" to the .htaccess file for your site.
Test the configuration
To test that SSL is disabled, you run this command:
curl -IL –sslv3 https://domain.com
Note: Replace domain.com with the domain for your site.
If SSLv3 has been disabled, you should see a message like this:
curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure