![]() Create the following files if they do not already exist:Ĭomplex protocol strings work for cpdavd for all builds. This will disable SSLv3.0 on your server running LiteSpeed.ġ. You can force a reinstall by running this command: LiteSpeed has released an update to version 4.2.17. This will disable SSLv3.0 on your server running Apache. SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2Ĥ) Press the Update button and rebuild your Apache configuration. This does not appear to affect SSH and FTP services.ġ) Go to WHM => Service Configuration => Apache Configuration => Include Editor => Pre Main Include.ģ) Add the following in the text box that appears: To accomplish this, please follow these steps. However, servers that currently function only because of SSL 3.0 fallback should be updated. It’s important to know that this flaw is most likely present in all servers and has nothing to do with the cPanel software. If stolen, a cookie could allow an attacker access to someone’s Web-based email account, for example. The “POODLE” (Padding Oracle On Downgraded Legacy Encryption) attack can force a connection to “fallback” to SSL 3.0, where it is then possible to steal cookies, which are small data files that enable persistent access to an online service. On October 14, 2014, security experts alerted the general public to a flaw in an obsolete but still-used SSL protocol (SSLv3).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |