Oct 162014
SSLv3 is currently disabled in all of our services, if you’re still using Windows XP and Internet Explorer 6: sorry
Apache (grep -i SSLProtocol -R /etc/apache2/*):
SSLProtocol all -SSLv2
->
SSLProtocol all -SSLv2 -SSLv3
Nginx (grep -i ssl_protocols -R /etc/nginx/*) :
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
->
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Postfix (grep -i sslv -R /etc/postfix/* – if not found, add):
smtpd_tls_mandatory_protocols=!SSLv2
->
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
Dovecot (grep -i sslv -R /etc/dovecot/* – might be commented by default):
ssl_protocols = !SSLv2
->
ssl_protocols = !SSLv2 !SSLv3
HAProxy v1.5 (add to your bind :443 -line):
no-sslv3