Apache 2.4: SSLProtocol directive not taking effect


Hi,

We've been stumped by a configuration problem of our Apache 2.4 server, on CentOS 7.

Our goal is to prevent the POODLE vulnerability by removing the SSLv3 protocol.

But it seems this directive is not taking any effect: 

SSLProtocol All -SSLv3

It's located within a VirtualHost context (in /etc/httpd/conf.d/example.com.conf):

<VirtualHost 123.456.789.01:443>

SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:$
SSLHonorCipherOrder on

And the default (in /etc/httpd/conf.d/ssl.conf):

<VirtualHost _default_:443>

SSLProtocol All -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!$
SSLHonorCipherOrder on

We have of course restarted Apache, but tests show that SSLv3 is still enabled.

I'm certain this is a simple problem, but the logs are silent about this (at LogLevel debug), and we are not able to solve it.

Thanks,

François
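
An added example, not part of the original message: a small audit that lists every SSLProtocol directive in a set of configuration files, the context it sits in, and whether its token list still leaves SSLv3 enabled, so that a directive outside the two virtual hosts shown above is not overlooked. Assumptions: the file contents are constructed, the address and other.conf are hypothetical, "All" is modelled as including SSLv3, and the script neither follows Include directives nor models how Apache merges virtual hosts.

```python
import re

# Assumption: "All" is modelled as including SSLv3 (the conservative reading).
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

def effective_protocols(args):
    """Apply SSLProtocol tokens left to right: bare replaces, '+' adds, '-' removes."""
    enabled = set()
    for tok in args.lower().split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = ALL if name == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)
    return enabled

def audit(files):
    """files maps path -> text; returns (path, line, context, sslv3_on) per directive."""
    findings = []
    for path, text in files.items():
        context = "server config"
        for no, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            vhost = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
            proto = re.match(r"SSLProtocol\s+(.+)", line, re.I)
            if vhost:
                context = "VirtualHost " + vhost.group(1).strip()
            elif line.lower().startswith("</virtualhost"):
                context = "server config"
            elif proto:
                on = "sslv3" in effective_protocols(proto.group(1))
                findings.append((path, no, context, on))
    return findings

# Constructed sample input; the address and other.conf are hypothetical.
SAMPLE = {
    "conf.d/example.com.conf": "<VirtualHost 192.0.2.10:443>\nSSLProtocol All -SSLv2 -SSLv3\n</VirtualHost>\n",
    "conf.d/ssl.conf": "<VirtualHost _default_:443>\nSSLProtocol All -SSLv3\n</VirtualHost>\n",
    "conf.d/other.conf": "SSLProtocol All -SSLv2\n",
}

if __name__ == "__main__":
    for path, no, context, on in audit(SAMPLE):
        print(f"{path}:{no} [{context}] SSLv3 {'ENABLED' if on else 'disabled'}")
```

On a real server, pass audit() the contents of every file httpd actually loads rather than the sample dictionary.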
