Secure web server

First of all, check your web server's security on this page:

SSL Server Test

After that, you can start fixing your security problems.

Disabling SSL 3.0 in mod_ssl

To mitigate this vulnerability as it affects httpd using mod_ssl, set the SSLProtocol directive as follows in /etc/httpd/conf.d/ssl.conf:

Note: This directive must either be located at the topmost level of the configuration file, or inside the default virtual host configuration for an address.

Option 1: Disable SSLv2 and SSLv3 (Enable everything except SSLv2 and SSLv3)

SSLProtocol All -SSLv2 -SSLv3

Then restart httpd:

# service httpd restart

Option 2: Disable everything except TLSv1.x

On Red Hat Enterprise Linux 7 or Red Hat Enterprise Linux 6.6 and later:

SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

On other platforms, including Red Hat Enterprise Linux 5:

SSLProtocol -All +TLSv1

Then restart httpd:

# service httpd restart
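
To check an SSLProtocol value from either option before restarting httpd, the following added example (not part of the original page) applies the directive's tokens left to right and reports which protocols stay enabled. The function names and the expansion of All in ALL_PROTOS are assumptions of the example.

```shell
#!/bin/sh
# Added example: work out which protocols an SSLProtocol value leaves enabled.
# Assumption: "All" means every protocol listed in ALL_PROTOS (conservative;
# what a given httpd/OpenSSL build really includes may be narrower).
ALL_PROTOS="SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2"

# canon NAME -> canonical protocol name(s); names are matched case-insensitively
canon() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        all) echo "$ALL_PROTOS" ;;
        sslv2) echo SSLv2 ;;
        sslv3) echo SSLv3 ;;
        tlsv1) echo TLSv1 ;;
        tlsv1.1) echo TLSv1.1 ;;
        tlsv1.2) echo TLSv1.2 ;;
        *) return 1 ;;
    esac
}

# effective_protocols "ARGS" -> enabled protocols, applying tokens left to right:
# +X adds, -X removes, a bare X replaces whatever was set before it.
effective_protocols() {
    enabled=""
    for tok in $1; do
        case "$tok" in
            +*) action=add; name=${tok#+} ;;
            -*) action=remove; name=${tok#-} ;;
            *)  action=add; name=$tok; enabled="" ;;
        esac
        group=$(canon "$name") || { echo "unknown protocol: $name" >&2; return 2; }
        next=""
        for p in $ALL_PROTOS; do
            case " $group " in *" $p "*) in_group=yes ;; *) in_group=no ;; esac
            case " $enabled " in *" $p "*) was_on=yes ;; *) was_on=no ;; esac
            if [ "$action" = add ]; then
                if [ "$was_on" = yes ] || [ "$in_group" = yes ]; then next="$next $p"; fi
            elif [ "$was_on" = yes ] && [ "$in_group" = no ]; then
                next="$next $p"
            fi
        done
        enabled=${next# }
    done
    echo "$enabled"
}

# sslv3_disabled "ARGS" -> status 0 only if neither SSLv2 nor SSLv3 remains
sslv3_disabled() {
    eff=$(effective_protocols "$1") || return 2
    case " $eff " in *" SSLv2 "*|*" SSLv3 "*) return 1 ;; esac
    return 0
}
```

Token order matters: a bare All placed after -SSLv3 turns SSLv3 back on, which sslv3_disabled reports with a non-zero status.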