The POODLE SSLv3 attack has made big news this week. If you are running an Apache web server and don’t have to support a lot of old browsers, you might as well just stop using SSLv3.
On an Ubuntu system:
cd /etc/apache2/mods-enabled
Edit the file:
ssl.conf
Change the entry (around line 77) from:
SSLProtocol all
to
#SSLProtocol all
(Just adding the # to comment out the line)
Add the line/entry:
SSLProtocol TLSv1.2
Restart Apache:
service apache2 restart
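To confirm what the edited file leaves enabled, the following added example (not part of the original post) computes the protocols selected by the last active SSLProtocol line in a config read from stdin. It assumes "all" expands to SSLv3, TLSv1, TLSv1.1 and TLSv1.2, that a file with no active directive behaves like "all", and that a bare token replaces the set while +/- tokens adjust it; the function names are hypothetical.

```shell
#!/bin/sh
# Print the protocols enabled by the last active SSLProtocol line on stdin.
effective_protocols() {
    awk '
    function set(name, v,   i) {             # name may be "all"
        for (i = 1; i <= n; i++)
            if (tolower(name) == "all" || tolower(name) == tolower(known[i]))
                on[known[i]] = v
    }
    BEGIN {
        n = split("SSLv3 TLSv1 TLSv1.1 TLSv1.2", known, " ")
        set("all", 1)                         # assumed default: no directive = all
    }
    tolower($1) == "sslprotocol" {            # "#SSLProtocol ..." does not match
        set("all", 0)                         # each directive starts from nothing
        for (f = 2; f <= NF; f++) {
            tok = $f
            sign = substr(tok, 1, 1)
            if (sign == "+" || sign == "-") tok = substr(tok, 2)
            else set("all", 0)                # bare token replaces the set so far
            set(tok, sign != "-")
        }
    }
    END {
        out = ""
        for (i = 1; i <= n; i++)
            if (on[known[i]]) out = out (out == "" ? "" : " ") known[i]
        print out
    }'
}

# Succeeds (exit 0) when the config on stdin still allows SSLv3.
sslv3_enabled() {
    case " $(effective_protocols) " in
        *" SSLv3 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples mirroring the before/after edit described above.
before='SSLProtocol all'
after='#SSLProtocol all
SSLProtocol TLSv1.2'

printf 'before: %s\n' "$(printf '%s\n' "$before" | effective_protocols)"
printf 'after:  %s\n' "$(printf '%s\n' "$after" | effective_protocols)"
```

On a real system, feed it the edited file with effective_protocols < /etc/apache2/mods-enabled/ssl.conf. Other config files, such as individual virtual hosts, can carry their own SSLProtocol line, so check those the same way.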
TLS supplanted SSL and I understand TLS 1.2 to be the most current version of TLS.
This will prevent Apache from falling back to old versions of SSL/TLS. I know there are a lot of old browsers out there, but TLS 1.2 has been supported in most of the majors for some time. Google gave up this list of browsers/versions that support TLS 1.2:
Chrome – v30
Firefox – v27 enables TLS 1.1 and 1.2 by default. OR
Internet Explorer – v11 supports TLS 1.2 from Feb 2013.
Opera – v17 has added support for TLS 1.2. …
Safari – v5 on iOS and v7 on OS X have added support for up to TLS 1.2.