Poodle SSL problem
I think you guys saw the latest news today about the "Poodle" bug in SSL.
The cure to this problem is to disable SSLv3 completely. See also this post: http://askubuntu.com/a/537197.
In the AskUbuntu post there's a clear way to disable it. But my problem at the moment: I can't find the right config files to disable SSLv3 in both Apache and Nginx. Can somebody tell me where these config files can be found when using VestaCP? I don't want to mess up the whole thing, you know.
Re: Poodle SSL problem
Maybe it would be nice to have the list from https://cipherli.st/ with SSL, at least for the control panel.
I have updated my setup:
Code:
/usr/local/vesta/nginx/conf/nginx.conf
Code:
/etc/nginx/nginx.conf
and it now looks like this:
Code:
# SSL PCI Compliance
# ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
# ssl_session_cache shared:SSL:10m;
# ssl_prefer_server_ciphers on;
# # poodle check
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# https://cipherli.st/
# strong settings
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache builtin:1000 shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header X-Frame-Options DENY;
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx >= 1.3.7
resolver 8.8.4.4 8.8.8.8 valid=300s;
resolver_timeout 5s;
Re: Poodle SSL problem
Adding the following should suffice:
Code:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
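One way to confirm the change took effect in the files, as an added example that is not part of the original thread: this Python check audits nginx configuration text for live `ssl_protocols` directives, skipping commented-out ones like those in the config posted above and reporting any block that still lists SSLv3. The function names and both sample configs are constructed for illustration.

```python
import re

# Protocol names nginx accepts that predate TLS; POODLE is an attack on SSLv3.
LEGACY = {"SSLv2", "SSLv3"}
# The lookbehind keeps proxy_ssl_protocols (upstream side) from matching.
DIRECTIVE = re.compile(r"(?<![\w$])ssl_protocols\s+([^;{}]+);")

def strip_comments(text):
    # Line count is preserved so reported line numbers match the file.
    # Assumption: no '#' inside quoted values (true for the directives audited here).
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def audit_ssl_protocols(conf_text):
    """Return a list of (line_number, message) findings; an empty list means pass."""
    live = strip_comments(conf_text)
    matches = list(DIRECTIVE.finditer(live))
    if not matches:
        # Without an explicit directive the protocol list is whatever this
        # nginx version defaults to, so it should be set explicitly.
        return [(0, "no active ssl_protocols directive; nginx default applies")]
    findings = []
    for m in matches:
        line_no = live.count("\n", 0, m.start()) + 1
        legacy = sorted(set(m.group(1).split()) & LEGACY)
        if legacy:
            findings.append((line_no, "offers " + ", ".join(legacy)))
    return findings

# Constructed sample: a fixed http block plus a hypothetical vhost that overrides it.
SAMPLE = """\
http {
    # ssl_protocols SSLv3 TLSv1;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    server {
        listen 443 ssl;
        server_name example.test;
        ssl_protocols SSLv3 TLSv1;
    }
}
"""

# Constructed sample: the directive exists only as a comment.
COMMENTED_ONLY = """\
# # poodle check
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
"""

if __name__ == "__main__":
    for name, conf in (("SAMPLE", SAMPLE), ("COMMENTED_ONLY", COMMENTED_ONLY)):
        print(name, audit_ssl_protocols(conf) or "ok")
```

Every `ssl_protocols` directive is checked because a `server` block can override the `http`-level setting, which is how a single vhost can keep offering SSLv3 after the main file is fixed.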
Re: Poodle SSL problem
We have updated the Nginx configuration. Please feel free to download it:
Code:
# For RHEL/CentOS
wget http://c.vestacp.com/0.9.8/rhel/nginx.conf -O /etc/nginx/nginx.conf
service nginx restart
Code:
# For Debian/Ubuntu
wget http://c.vestacp.com/0.9.8/ubuntu/nginx.conf -O /etc/nginx/nginx.conf
service nginx restart
Re: Poodle SSL problem
skid wrote: We have updated Nginx configuration. Please feel free to download it
Thanks!!
Now, A+ ;-)