SSL 3.0 Poodle

How to Fix the SSL 3.0 Poodle Vulnerability

I got an email from Stripe payments to let me know that a recent credit card transaction on my site had used the SSL 3.0 protocol on my server and that this was possibly insecure due to the recent “Poodle” vulnerability. They said that they would be removing support for SSL 3.0 in Stripe soon and that my existing credit card forms would no longer work.

The fix for this is server based and essentially you need to remove support for the SSL 3.0 protocol on your server in favour of TLS. All modern servers should support TLS but you might need to tell them to or tell them to disable SSL 3.0. Contact your host if you are on a shared server. If you’re on a VPS like me you can do this yourself in WHM/Cpanel as below:

  1. Go to WHM => Service Configuration => Apache Configuration => Include Editor => Pre Main Include.
  2. Select a version or All Versions.
  3. Add the following in the text box that appears:SSLHonorCipherOrder On
    SSLProtocol ALL -SSLv2 -SSLv3
  4. Press the Update button and then “Restart Apache”.
SSL 3.0 Poodle
SSL 3.0 Poodle
Advertisements

Published by

Leon Quinn

Multimedia Design company in Leitrim, Ireland specializing in WordPress Website Design, Photoshop and Graphics. www.reverbstudios.ie

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s