Skip to main content
 

How to disable SSLv3 on your web server to prevent #POODLE attacks #Apache #nginx

1 min read

Since SSL v3 is now compromised, web servers should be configured to disable the protocol entirely. This is true even if you don't rely on it, because the attack vector involves forcing your server (and apps that rely on SSL) to fallback to this outdated protocol.

Big thanks to Digital Ocean for once again preparing a fantastic guide to protecting your web server. Here's their guide to disabling SSLv3.