Anyone running an Apache Server on Ubuntu with SSL enabled should Disable SSL 2 & SSL 3 on Apache to stop Poodle Attack. So here’s a very quick and simple how to Disable SSL 2 3 Apache Poodle Attack.
In Apache 2.4.7 on Ubuntu 14.04 it is as simple as doing the following
sudo nano /etc/apache2/mods-available/ssl.conf
Edit the line that says
and Change it to say
SSLProtocol all -SSLv2 -SSLv3
Then Reload your Apache config with
sudo service apache2 reload
That’s it …. go and test one of your https sites at Qualsys SSL Labs. If all is good you should see a very favorable result like the picture above.
Easy as that ….. sorry if you were hoping for something super complicated to do today !!!
Happy Nixing in the Nixing Bowl !!!