I am using Virtualmin Pro 4.11, CentOS Linux 6.5 and Apache version 2.2.15.
I am trying to adapt to the new “POODLE” SSL issue. So I am trying to disable SSL and use TLS. I notice that in httpd.conf I have these two lines:
SSLProtocol ALL -SSLv2
SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
That suggests to me that globally, SSLv2 is disabled. Maybe I just need to do this?
SSLProtocol ALL -SSLv2 -SSLv3
and
SSLCipherSuite HIGH:!SSLv2:!SSLv3:!ADH:!aNULL:!eNULL:!NULL
However I have virtual hosts with their own SSL certificates. If I go to ‘services >> configure web site for SSL >> SSL options’ I see all these protocols enabled:
SSL protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2
But why is SSLv2 enabled when it seems to be globally disabled?
Now if I deselect SSLv2 and SSLv3 I get a problem:
apachectl configtest :
Syntax error on line 4971 of /etc/httpd/conf/httpd.conf:
SSLProtocol: Illegal protocol ‘TLSv1.1’
This relates to this in the virtualhost section:
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
So there seems to be a bit of a bug here.
Question: What is the best way to disable SSL in favour of TLS for the control panel, for web sites, for Dovecot & for Postfix?
Thanks. Yes, just that one change does it (provided there aren’t additional declarations in virtualhost sections).
However that didn’t seem to solve the issue with Webmin logins. I looked in Webmin SSL configuration and I saw the option “Allowed SSL ciphers”. I had this:
For Postfix I believe there is no issue unless the server is forcing SSL. In the case of Dovecot, I don’t think I have SSL enabled (though perhaps I should!).
I am new to this, so I tried to modify the ssl.conf / httpd.conf to include the restrictions about SSLv3, but when I edit and save the files, I can’t restart Apache. I open and edit the files with gedit; is that the issue?
Even if I undo my changes and save the files, the errors are still showing… then I need to recover my virtual server in order to start Apache again…
Am I missing something? I am not really good at Linux…
Can we change those files safely without any issues with another kind of editor?
I am on CentOS 7, Virtualmin/Webmin GPL. Any help will be appreciated.
I edited the file with: sudo nano, and did not have any trouble restarting… I think that gedit (the editor) was the problem, maybe by including non-visible typos in the file…
So I changed the ssl.conf; do I have other files to change in order to get rid of this SSLv3 POODLE?
I saw that the SSL settings were actually set in Webmin to exclude SSLv3 and SSLv2 (checked).
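The check below is an added example, not part of the thread or of Virtualmin: it lists every SSLProtocol line in an Apache config, global and per-VirtualHost, and reports which ones still leave SSLv2 or SSLv3 enabled. The token evaluation is a simplified model of the directive, and the protocol set behind "all" and the sample config are assumptions.

```python
import re

# Assumption: "all" expands to the five protocols shown on the SSL options page.
ALL = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
LEGACY = {"sslv2", "sslv3"}

def effective_protocols(args):
    """Evaluate SSLProtocol tokens left to right (simplified model, an assumption)."""
    enabled = set()
    for token in args.lower().split():
        name = token.lstrip("+-")
        chosen = set(ALL) if name == "all" else ALL & {name}
        if token.startswith("-"):
            enabled -= chosen
        elif token.startswith("+"):
            enabled |= chosen
        else:
            enabled = chosen  # a bare token replaces whatever came before
    return enabled

def audit(config_text):
    """Return (line_no, scope, legacy protocols still enabled) per SSLProtocol line."""
    findings, scope = [], "global"
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()  # commented-out lines start with "#" and never match
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        directive = re.match(r"SSLProtocol\s+(.+)", line, re.I)
        if opened:
            scope = "vhost " + opened.group(1).strip()
        elif re.match(r"</VirtualHost>", line, re.I):
            scope = "global"
        elif directive:
            legacy = sorted(effective_protocols(directive.group(1)) & LEGACY)
            findings.append((line_no, scope, legacy))
    return findings

# Constructed sample, not the poster's actual httpd.conf.
SAMPLE = """\
SSLProtocol ALL -SSLv2
<VirtualHost 192.0.2.10:443>
    SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
</VirtualHost>
<VirtualHost 192.0.2.11:443>
    SSLProtocol ALL -SSLv2
</VirtualHost>
"""

if __name__ == "__main__":
    for line_no, scope, legacy in audit(SAMPLE):
        print(line_no, scope, ", ".join(legacy) or "no SSLv2/SSLv3")
```

To audit a real file, pass its contents to `audit()` instead of `SAMPLE`; any entry with a non-empty list is a line that still needs `-SSLv3`.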