Oct 162014

SSLv3 is currently disabled in all of our services, if you’re still using Windows XP and Internet Explorer 6: sorry

Apache (grep -i SSLProtocol -R /etc/apache2/*):
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3

Nginx (grep -i ssl_protocols -R /etc/nginx/*) :
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Postfix (grep -i sslv -R /etc/postfix/* – if not found, add):

Dovecot (grep -i sslv -R /etc/dovecot/* – might be commented by default):
ssl_protocols = !SSLv2
ssl_protocols = !SSLv2 !SSLv3

HAProxy v1.5 (add to your bind :443 -line):

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>