Vesta Control Panel - Forum

Poodle SSL problem

Questions regarding the Web Server
Apache + Nginx, Nginx + PHP5-FPM
Tralapo
Posts: 23
Joined: Wed Oct 15, 2014 11:25 am

Poodle SSL problem

Post by Tralapo » Wed Oct 15, 2014 11:29 am

I think you guys saw the latest news today about the "Poodle" bug in SSL.

The cure to this problem is to disable SSLv3 completely. See also this post: http://askubuntu.com/a/537197.

In the AskUbuntu post there's a clear way to disable it. But my problem at the moment: I can't find the right config files to disable SSLv3 in both Apache and Nginx. Can somebody tell me where these config files can be found when using VestaCP? I don't want to mess up the whole thing, you know.

jalogisch
Posts: 8
Joined: Fri Aug 29, 2014 7:16 am

Re: Poodle SSL problem

Post by jalogisch » Wed Oct 15, 2014 1:42 pm

Maybe it would be nice to have the List from https://cipherli.st/ with SSL at least for the control panel.

I had updated my setup so

    /usr/local/vesta/nginx/conf/nginx.conf

and

    /etc/nginx/nginx.conf

now look like this:

    # SSL PCI Compliance
    # ssl_ciphers                 RC4:HIGH:!aNULL:!MD5:!kEDH;
    # ssl_session_cache           shared:SSL:10m;
    # ssl_prefer_server_ciphers   on;
    # # poodle check
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # https://cipherli.st/
    # strong settings
    ssl_ciphers 'AES256+EECDH:AES256+EDH';
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    add_header X-Frame-Options DENY;
    ssl_stapling on; # Requires nginx >= 1.3.7
    ssl_stapling_verify on; # Requires nginx >= 1.3.7
    resolver 8.8.4.4 8.8.8.8 valid=300s;
    resolver_timeout 5s;

patstan
Posts: 117
Joined: Wed Jul 30, 2014 10:53 am

Re: Poodle SSL problem

Post by patstan » Fri Oct 17, 2014 10:54 am

Adding the following should suffice:

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
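
An offline check for the change discussed in the posts above, added here as an example and not code from the thread or from VestaCP: it lists every active ssl_protocols directive in an nginx config and flags SSLv2/SSLv3, ignoring commented-out lines such as the old block in the config posted earlier. The function name and both sample configs are constructed for illustration.

```python
import re
import sys

WEAK = {"SSLV2", "SSLV3"}  # protocols that must not be offered (compared upper-cased)
# Matches a directive at the start of a line or right after ';', '{' or '}'.
DIRECTIVE = re.compile(r"(?:^|[;{}])\s*ssl_protocols\s+([^;]+);")

def audit_ssl_protocols(conf_text):
    """Return (findings, ok) for the text of one nginx config file.

    findings: (line_no, protocols, weak_protocols) for every active
    ssl_protocols directive; commented-out directives are ignored.
    ok: True only if at least one directive is active and none is weak.
    A file with no active directive is reported as not ok, because the
    server then uses its built-in default protocol list.
    """
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        active = raw.split("#", 1)[0]  # simple comment strip; assumes no quoted '#'
        for match in DIRECTIVE.finditer(active):
            protocols = match.group(1).split()
            weak = sorted(p for p in protocols if p.upper() in WEAK)
            findings.append((line_no, protocols, weak))
    ok = bool(findings) and not any(weak for _, _, weak in findings)
    return findings, ok

# Constructed sample inputs, modelled on the snippets in the thread.
SAMPLE_FIXED = """\
http {
    # ssl_protocols SSLv3 TLSv1;
    ssl_ciphers 'AES256+EECDH:AES256+EDH';
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""
SAMPLE_WEAK = """\
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    server {
        listen 443 ssl;
        ssl_protocols SSLv3 TLSv1;  # server-level override
    }
}
"""

if __name__ == "__main__":
    texts = {p: open(p).read() for p in sys.argv[1:]} or {
        "SAMPLE_FIXED": SAMPLE_FIXED, "SAMPLE_WEAK": SAMPLE_WEAK}
    for name, text in texts.items():
        findings, ok = audit_ssl_protocols(text)
        print(name, "OK" if ok else "CHECK", findings)
```

Pass the two files named in the thread as arguments to audit a live install; files pulled in through include directives have to be passed separately, since the script does not follow them.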

skid
VestaCP Team
Posts: 1476
Joined: Wed Apr 06, 2011 11:12 pm

Re: Poodle SSL problem

Post by skid » Thu Dec 04, 2014 11:59 am

We have updated Nginx configuration. Please feel free to download it

    # For RHEL/CentOS
    wget http://c.vestacp.com/0.9.8/rhel/nginx.conf -O /etc/nginx/nginx.conf
    service nginx restart

    # For Debian/Ubuntu
    wget http://c.vestacp.com/0.9.8/ubuntu/nginx.conf -O /etc/nginx/nginx.conf
    service nginx restart

Trentor
Posts: 84
Joined: Fri Apr 25, 2014 6:42 pm

Re: Poodle SSL problem

Post by Trentor » Thu Dec 04, 2014 5:32 pm

skid wrote: We have updated Nginx configuration. Please feel free to download it
Thanks!!

Now, A+ ;-)