Disable SSLv3 in Apache 2.4 (Ubuntu)

The POODLE SSLv3 has made big news this week. If you are running and an Apache web server and don’t have to support a lot of old browsers you might as well just stop using it.

On an Ubuntu system..

cd /etc/apache2/mods-enabled

Edit the file:

Change the entry (around line 77) from:
SSLProtocol all
#SSLProtocol all (Just adding the # to comment out the line)

Add the line/entry:
SSLProtocol TLSv1.2

Restart Apache:
service apache2 restart

TLS supplanted SSL and I understand TLS1.2 to be the most current version of TLS.

This will prevent Apache from falling back to old versions of SSL/TLS. I know there are a lot of old browsers out there but TLS 1.2 has been support in most of the majors for some time. Google gave up this list of browsers/versions that support TLS 1.2…

Chrome – v30
Firefox – v27 enables TLS 1.1 and 1.2 by default. OR
Internet Explorer – v11 supports TLS 1.2 from Feb 2013.
Opera – v17 has added support for TLS 1.2. …
Safari – v5 on iOS and v7 on OS X have added support for up to TLS 1.2.