Forum

This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.
Sentora Support Forums Sentora Forum Archives Sentora Public Support Forums v1.0.x General Support Forum v1.0.x v How can i have SSLv3 Poodle when i disabled it.

How can i have SSLv3 Poodle when i disabled it.
jeremyotten Offline
Sentora Member
*
OS: CentOS 6.7
Version: 1.0.3
Server: VPS
Posts: 32
Threads: 10
Joined: Feb 2015
Reputation: 0
Sex: Undisclosed
Thanks: 0
Given 0 thank(s) in 0 post(s)
#1
How can i have SSLv3 Poodle when i disabled it.
 04-07-2016, 06:32 PM
on my vHost test.azure-test.nl i have this config

SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCMBig GrinH+AESGCM:ECDH+AES256Big GrinH+AES256:ECDH+AES128Big GrinH+AES:ECDH+3DESBig GrinH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/test.azure-test.nl/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/test.azure-test.nl/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/test.azure-test.nl/chain.pem
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
# SSLCompression off

the -SSLv3 should mean NO SSLv3 right.
But when you do the SSL lab test.. SSLv3 is on it says??
https://www.ssllabs.com/ssltest/analyze....re-test.nl

Please assist..
Find
Reply
Thanks given by:
TGates Offline
Sentora Council - Head of Support Team
*******
OS: Ubuntu 20.04 LTS
Version: 2.0.2
Server: i7-6700K @ 4GHz, 8 cores 32GB Ram
Posts: 3 ,601
Threads: 233
Joined: May 2014
Reputation: 84
Sex: Male
Thanks: 396
Given 575 thank(s) in 443 post(s)
#2
RE: How can i have SSLv3 Poodle when i disabled it.
 04-08-2016, 03:27 AM
When I view the test it says SSL 3 No.... So it is off.
Quote:TLS 1.2
Yes
TLS 1.1
Yes
TLS 1.0
Yes
SSL 3
No
SSL 2
No
-TGates - Project Council

SEARCH the Forums or read theĀ DOCUMENTATION before posting!
Support Sentora and Donate: HERE
Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Find
Reply
Thanks given by:
jeremyotten Offline
Sentora Member
*
OS: CentOS 6.7
Version: 1.0.3
Server: VPS
Posts: 32
Threads: 10
Joined: Feb 2015
Reputation: 0
Sex: Undisclosed
Thanks: 0
Given 0 thank(s) in 0 post(s)
#3
RE: How can i have SSLv3 Poodle when i disabled it.
 04-08-2016, 03:24 PM
(04-08-2016, 03:27 AM)TGates Wrote: When I view the test it says SSL 3 No.... So it is off.
Quote:TLS 1.2
Yes
TLS 1.1
Yes
TLS 1.0
Yes
SSL 3
No
SSL 2
No

But only after i also disabled SSL3 on the main ssl.conf (instead of only the vHost..)

Something to do with SNI and initial handshake

vi /etc/httpd/conf.d/ssl.conf
Add -SSLv3 after SSLProtocol ALL -SSLv2
Find
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Domain disabled page incorrect QuakeMedia 2 5 ,544 08-19-2017, 03:41 AM
Last Post: TGates
How do i disabled IPv6 Exile 7 13 ,619 05-17-2017, 01:54 PM
Last Post: TGates
How to Stop Poodle Attack? chirag 1 4 ,408 08-26-2016, 06:46 PM
Last Post: chirag

Forum Jump:


Users browsing this thread: 1 Guest(s)