View source for Disable SSL 3.0 for POODLE Vulnerability

===How to disable SSL 3.0 to protect against the POODLE Vulnerability on your VPS===

Recently, SSL 3.0 was exposed to a vulnerability known as POODLE which has made it no longer viable as a protocol.  TLS 1.1 and 1.2 are now used as they are more secure.   Below, we have detailed steps on how to protect your VPS against this vulnerability by disabling SSL 3.0

==Windows VPS==

Follow these steps to disable SSL 3.0 on your Windows VPS

#Login to RDP
#Click Start---Run
#Type: <code>Regedit</code> and hit enter
#Expand HKEY_LOCAL_MACHINE
#Expand SYSTEM
#Expand CurrentControlSet
#Expand Control
#Expand SecurityProviders
#Expand SCHANNEL
#Expand Protocols
#If there is a key here for SSL 3.0, expand it and right-click on server.  Click Add Dword value and name it Enabled.  Set it's decimal value to 0.   Reboot.  If there is not, proceed to next step
#Right click on Protocols and click Add Key.  Name it: <code>SSL 3.0</code>
#Right click on the newly created SSL 3.0 and Add Key.  Name it: <code>Server</code>
#Right click on the newly created Server and click Add Dword. Name it: <code>Enabled</code>.  Set it's decimal value to: <code>0</code>.   
#Reboot

==Cpanel VPS==

Follow these steps to disable SSL 3.0 on your Linux VPS

#Login to WHM (x.x.x.x:2086 where x.x.x.x is server IP)
#Search Apache Configuration in the search bar and click on it
#Click on Include Editor
#Go to Pre-Main Include and select all versions
#Add the following to the text box:<br/> SSLHonorCipherOrder On <br/>SSLProtocol -All +TLSv1
#Click Update
#This will rebuild your Apache Configuration
#Once complete, click Restart Apache


Following these steps will protect you from the POODLE vulnerability.

[[Category:VPS]]