Poodle SSL problem

Posted: Wed Oct 15, 2014 11:29 am
by Tralapo
I think you guys saw the latest news today about the "Poodle" bug in SSL.

The cure to this problem is to disable SSLv3 completely. See also this post: http://askubuntu.com/a/537197.

In the AskUbuntu post there's a clear way to disable it. But my problem at the moment: I can't find the right config files to disable SSLv3 in both Apache and Nginx. Can somebody tell me where these config files can be found when using VestaCP? I don't want to mess up the whole thing, you know.

Re: Poodle SSL problem

Posted: Wed Oct 15, 2014 1:42 pm
by jalogisch
Maybe it would be nice to have the list from https://cipherli.st/ with SSL at least for the control panel.

I had updated my setup so

Code:

/usr/local/vesta/nginx/conf/nginx.conf
and

Code:

/etc/nginx/nginx.conf
looks now like this:

Code:

    
    # SSL PCI Compliance
    # ssl_ciphers                 RC4:HIGH:!aNULL:!MD5:!kEDH;
    # ssl_session_cache           shared:SSL:10m;
    # ssl_prefer_server_ciphers   on;
    # # poodle check
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # https://cipherli.st/
    # strong settings
    ssl_ciphers 'AES256+EECDH:AES256+EDH';
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    add_header X-Frame-Options DENY;
    ssl_stapling on; # Requires nginx >= 1.3.7
    ssl_stapling_verify on; # Requires nginx >= 1.3.7
    resolver 8.8.4.4 8.8.8.8 valid=300s;
    resolver_timeout 5s;

Re: Poodle SSL problem

Posted: Fri Oct 17, 2014 10:54 am
by patstan
Adding the following should suffice:

Code:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
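
A check for the directive discussed in this thread, as an added example that is not part of any post or of VestaCP: it reads an nginx config and reports whether SSLv3 is still allowed, ignoring commented-out lines such as the `# ssl_protocols` one in the earlier listing. The function names and sample configs are constructed for illustration, and `include` directives are not followed.

```python
import re
import sys

# Constructed samples (not taken from any real server).
SAMPLE_COMMENTED = """\
http {
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'AES256+EECDH:AES256+EDH';
}
"""
SAMPLE_OVERRIDE = """\
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # poodle check
    server { ssl_protocols SSLv3 TLSv1; }
}
"""

def strip_comments(text):
    """Remove '#' comments while keeping '#' that sits inside quotes."""
    lines = []
    for line in text.splitlines():
        quote, kept = None, []
        for ch in line:
            if quote:
                quote = None if ch == quote else quote
            elif ch in "'\"":
                quote = ch
            elif ch == "#":
                break
            kept.append(ch)
        lines.append("".join(kept))
    return "\n".join(lines)

def audit_ssl_protocols(text):
    """Return (status, directives); status is 'ok', 'weak' or 'no-directive'."""
    active = strip_comments(text)
    found = re.findall(r"(?:^|[;{}\s])ssl_protocols\s+([^;]+);", active)
    directives = [value.split() for value in found]
    if not directives:
        # Default applies; nginx before 1.9.1 included SSLv3 in it (assumption).
        return "no-directive", []
    # One weak server block is enough, even if the http block is strict.
    weak = any(p.lower() in ("sslv2", "sslv3") for d in directives for p in d)
    return ("weak" if weak else "ok"), directives

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, *audit_ssl_protocols(fh.read()))
```

Run it with both files named earlier in the thread as arguments, `/usr/local/vesta/nginx/conf/nginx.conf` and `/etc/nginx/nginx.conf`; anything other than `ok` needs a closer look.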

Re: Poodle SSL problem

Posted: Thu Dec 04, 2014 11:59 am
by skid
We have updated Nginx configuration. Please feel free to download it

Code:

# For RHEL/CentOS
wget http://c.vestacp.com/0.9.8/rhel/nginx.conf -O /etc/nginx/nginx.conf
service nginx restart

Code:

# For Debian/Ubuntu
wget http://c.vestacp.com/0.9.8/ubuntu/nginx.conf -O /etc/nginx/nginx.conf
service nginx restart

Re: Poodle SSL problem

Posted: Thu Dec 04, 2014 5:32 pm
by Trentor
skid wrote: We have updated Nginx configuration. Please feel free to download it
Thanks!!

Now, A+ ;-)