How to patch/disable SSL 3.0 and fix POODLE vulnerability

SSL 3.0 is an old protocol for securing connections over the internet; its successors in current use are TLS 1.1 and TLS 1.2.

However, for compatibility reasons, most servers still support SSL 3.0 and fall back to it if a connection via TLS cannot be established.

To disable SSL 3.0 and thus protect yourself from POODLE, you need to alter your server config.

Apache Server

Add the following to your configuration file:

SSLProtocol All -SSLv2 -SSLv3

and restart the server using:

# service httpd restart

or

# service apache2 restart

Nginx server

Include the following line in your configuration among the other SSL directives:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
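Before restarting, it is worth checking that no other virtual host or included file still leaves SSLv3 on. The following audit script is an added example (not from the original post) that parses the two directives shown above; it assumes Apache's All keyword expands to SSLv2 through TLSv1.2, which matches the post's directive explicitly removing SSLv2, and the sample configs embedded in it are constructed.

```python
"""Audit Apache/Nginx configs for SSLv3 left enabled (POODLE).

Added example. Assumption: Apache's 'All' expands to SSLv2..TLSv1.2,
matching the post's 'SSLProtocol All -SSLv2 -SSLv3'.
"""
import re

APACHE_ALL = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}


def _strip_comments(text):
    """Drop everything after '#' so commented-out directives are ignored."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def apache_protocol_sets(config_text):
    """One set of enabled protocols per SSLProtocol directive found.

    'All' expands to APACHE_ALL; '-name' removes, '+name' or bare 'name'
    adds. Later tokens override earlier ones, as Apache applies them.
    """
    result = []
    for m in re.finditer(r"^\s*SSLProtocol\s+(.+)$", _strip_comments(config_text), re.I | re.M):
        enabled = set()
        for tok in m.group(1).split():
            remove = tok.startswith("-")
            name = tok.lstrip("+-").lower()
            names = APACHE_ALL if name == "all" else {name}
            enabled = enabled - names if remove else enabled | names
        result.append(enabled)
    return result


def nginx_protocol_sets(config_text):
    """One set of enabled protocols per ssl_protocols directive found."""
    return [{p.lower() for p in m.group(1).split()}
            for m in re.finditer(r"^\s*ssl_protocols\s+([^;]+);", _strip_comments(config_text), re.I | re.M)]


def sslv3_directives(protocol_sets):
    """Indices of directives that still allow SSLv3 (empty list means all clean)."""
    return [i for i, s in enumerate(protocol_sets) if "sslv3" in s]


# Constructed sample configs: the post's fixed line next to an unfixed vhost.
APACHE_SAMPLE = """
# SSLProtocol All            <- commented out, must be ignored
<VirtualHost *:443>
    SSLProtocol All -SSLv2 -SSLv3
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol All
</VirtualHost>
"""
NGINX_SAMPLE = "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n"

if __name__ == "__main__":
    print("Apache directives still offering SSLv3:", sslv3_directives(apache_protocol_sets(APACHE_SAMPLE)))
    print("Nginx directives still offering SSLv3:", sslv3_directives(nginx_protocol_sets(NGINX_SAMPLE)))
```

Run it against the concatenated output of all included config files; any index it reports points at a directive that still needs the -SSLv3 treatment.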

For more details about this as well as the fixes for other servers, check: http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566

 
