Troubleshoot - by Hostrare
POODLE affects SSLv3, version 3 of the Secure Sockets Layer protocol, which is used to encrypt traffic between a browser and a web site or between a user’s email client and mail server. It’s not as serious as the recent Heartbleed and Shellshock vulnerabilities, but POODLE could enable an attacker to hijack and decrypt the session cookie that identifies you to a service like Twitter or Google, and then take over your accounts without needing your password.
For the vulnerability to be exploited, you must be running JavaScript, and the attacker has to be on the same network as you, for instance, on the same Starbucks Wi-Fi network you’re using. This makes it less severe than an attack that can be carried out remotely against any computer on the Internet.
The attack works only on traffic sessions using SSLv3. Heartbleed and Shellshock were vulnerabilities that enabled an attacker to hack a server. POODLE instead targets the clients. Google’s security team has suggested that system administrators simply turn off support for SSLv3 to avoid the problem.
Basically any client and server supporting SSLv3 is affected.
To fix the POODLE SSLv3 vulnerability:
Go to WHM >> Service Configuration >> Apache Configuration >> Include Editor, and add the following to Pre Main Include:
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
Press the Update button and rebuild your Apache configuration.
Restart Apache.
/etc/init.d/httpd restart
or
To disable SSLv3 on the Apache web server, you will have to adjust the SSLProtocol directive provided by the mod_ssl module. As root, edit your Apache configuration file /etc/httpd/conf.d/ssl.conf and update the following value, then restart the Apache service after making the change.
SSLProtocol all -SSLv3 -SSLv2
Go to the Nginx configuration and change the line
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
to
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Restart Nginx.
/etc/init.d/nginx restart
LiteSpeed has released an update to version 4.2.17. You can force a reinstall by running this command:
# /usr/local/lsws/admin/misc/lsup.sh -f -v 4.2.17
Go to WHM => Service Configuration => Apache Configuration => Include Editor => Pre Main Include.
# Select a version or All Versions.
# Add the following in the text box that appears:
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
# Press the Update button and rebuild your Apache configuration.
This will disable SSLv3.0 on your server running LiteSpeed.
To verify you’re covered, run the following command in a terminal as root:
openssl s_client -connect www.yourssldomain.com:443 -ssl3
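How to read that command's output, as an added example that is not part of the original article: a refused SSLv3 handshake still prints "Protocol  : SSLv3", so the script checks the negotiated cipher instead, and it reports "inconclusive" when no connection was made (for example when the local openssl build was compiled without SSLv3 support and rejects -ssl3). The function names and the two abbreviated sample outputs are constructed for illustration; pass host:port targets as arguments.

```sh
#!/bin/sh
# Added example: interpret `openssl s_client -connect HOST:PORT -ssl3` output.

# Constructed, abbreviated s_client output for a server that refuses SSLv3.
SAMPLE_REJECTED='CONNECTED(00000003)
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000'

# Constructed, abbreviated output for a server that still accepts SSLv3.
SAMPLE_ACCEPTED='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is AES256-SHA
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA'

# Read s_client output on stdin; print ssl3-enabled, ssl3-disabled or
# inconclusive. The subshell body keeps the variables local.
classify_ssl3() (
    out=$(cat)
    # Negotiated cipher from the SSL-Session block (first match only).
    cipher=$(printf '%s\n' "$out" | sed -n 's/^ *Cipher *: *//p' | head -n 1)
    case "$out" in
        *"CONNECTED("*)
            case "$cipher" in
                "")            echo inconclusive ;;   # connected, no session block
                0000|"(NONE)") echo ssl3-disabled ;;  # handshake was refused
                *)             echo ssl3-enabled ;;   # a real cipher was agreed
            esac ;;
        *)  echo inconclusive ;;                      # no TCP connection or bad option
    esac
)

# Run the article's check against one HOST:PORT and classify the result.
check_ssl3() {
    openssl s_client -connect "$1" -ssl3 </dev/null 2>&1 | classify_ssl3
}

# With no arguments nothing is contacted; otherwise print one line per target.
for target in "$@"; do
    printf '%s %s\n' "$target" "$(check_ssl3 "$target")"
done
```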
Go to WHM >> Service Configuration >> Exim Configuration Manager >> Advanced Editor, and change tls_require_ciphers to
ALL:-SSLv3:RC4:-SSLv2:!ADH:+HIGH:+MEDIUM:-LOW:-EXP
Restart Exim.
Go to WHM >> Service Configuration >> Mailserver Configuration, and change SSL Cipher List to
ALL:-SSLv3:RC4:-SSLv2:!ADH:+HIGH:+MEDIUM:-LOW:-EXP
Go to WHM >> Service Configuration >> FTP Server Configuration, and change the TLS Cipher Suite to
ALL:-SSLv2:!ADH:!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5:AES256-SHA:AES128-SHA:DES-CBC3-SHA
Go to WHM >> Service Configuration >> cPanel Web Services Configuration, and change TLS/SSL Cipher List to
ALL:-SSLv2:!ADH:!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5:AES256-SHA:AES128-SHA:DES-CBC3-SHA
Go to WHM >> Service Configuration >> cPanel Web Disk Configuration, and change TLS/SSL Cipher List to
ALL:-SSLv2:!ADH:!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5:AES256-SHA:AES128-SHA:DES-CBC3-SHA