try this
ssl_cipher_list=ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:RC4:HIGH:MEDIUM:+TLSv1:+TLSv1.1:+TLSv1.2:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM
I have the CA cert. installed… if I install this Chain cert., it will replace the CA one. How do I install this chain Certificate ?
when I check here https://ssltools.geotrust.com/checker/views/certCheck.jsp
It shows SAFE from Poodle & heartbleed but I’m getting one issue :
Recommendations
Update your certificate chain.
Your certificate chain is valid, but some older browsers may not recognize it. To support older browsers, download and install the missing intermediate certificate. | Download certificate
look in your SSL section – look at the tabs – the end one is what you are looking for
Thanks … Resolved!
I wonder is the solution offered on http://unix.stackexchange.com/questions/162478/how-to-disable-sslv3-in-apache for CentOS/RHEL 6.x:
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
more complete as it disables all protocols and enables recommended +TLSv1 +TLSv1.1 +TLSv1.2 protocols only? Or it is the same with SSLProtocol all -SSLv2 -SSLv3
allsupported wrote that summary https://www.allsupported.com/virtualmin-ssl-v3-poodle-fixvirtualmin-ssl-v3-poodle-fix/
It’s based on this ticket
Since Version 1.720 (24th November 2014)
SSL v2 and v3 are now disabled by default at Webmin install time, to block the POODLE attack. They can be re-enabled on the SSL Encryption page of the Webmin Configuration module.