Patch Poodle Vulnerability


#1

To patch an ee stack and protect against the poodle vulnerability:

edit the nginx.conf file and add a line indicating ssl_protocols :

sudo vi /etc/nginx/nginx.conf 

add

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Scan your sites/servers: https://www.poodlescan.com/

tutorial at digital ocean: https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-poodle-sslv3-vulnerability


#2

Thanks for the heads up. I did the same thing yesterday. I noticed the problem when I was playing with SSLLABS.


#3

On Apache you can disable SSLv3 by adding the following line to the configuration file:

SSLProtocol All -SSLv2 -SSLv3

#4