While we have fully disabled SSL 3.0 on all shared servers, VPS and dedicated customers have not been modified to prevent changes to any customer configurations that you may have. In this article, we will show you how to disable SSL 3.0 on your VPS or dedicated server.
Note: You must have root access to your server to make this change. If you do not have root access, you may submit a verified ticket to support and they will be happy to make these changes for you.
Disabling SSL 3.0 in Apache
Log in as root via SSH.
Copy your Apache template:
cp /var/cpanel/templates/apache2/main.default /var/cpanel/templates/apache2/main.local
Open your main.local file to line 56
nano +56 /var/cpanel/templates/apache2/main.local
Remove the following line:
SSLProtocol [% main.sslprotocol.item.sslprotocol %]
At around line 233, locate the line that looks like this:
# SSLCipherSuite can be set in WHM under ‘Apache Global Configuration’
[% IF main.sslciphersuite.item.sslciphersuite.length %]SSLCipherSuite [% main.sslciphersuite.item.sslciphersuite %][% END %]Remove the line below the comment and replace it with the following 2 lines:
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUMSave the file by pressing Ctrl+X, and pressing Y to save your changes.
Rebuild the Apache configuration with the following command:
/scripts/rebuildhttpdconf
Finally, restart Apache:
service httpd restart
First step to copy main.default to main.local should be preceded by a suggestion to first make a copy of main.local. That way if something goes badly or main.local has customizations, there’s a handy backup.
Hello Jeff,
That you for your input, I also agree with what you are saying and will be adding that bit to the article.
Best Regards,
TJ Edens