How do I disable SSLv3 on my Control Panel server?
OnApp version 3.x, 4.x, 5.x, 6.x
During the OnApp installation, the OpenSSL utility is installed. There are two Apache configuration files that have the SSLProtocol directive defined. These are /etc/httpd/conf.d/onapp.conf. To disable SSLv3, modify the SSLProtocol directive so that it explicitly includes -SSLv3. The existing directives are:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLProtocol all -SSLv2
Modify them as follows to disable SSLv3:
SSLProtocol -ALL -SSLv3 +TLSv1
SSLProtocol all -SSLv2 -SSLv3
Once these changes are made and saved, do the following:
Stop the OnApp service:
service onapp stop
Start the OnApp service:
service onapp start
Once these services are restarted, SSLv3 will be disabled.
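To confirm that no edited file still enables SSLv3, the following script is an added example (not part of the original article or OnApp's tooling) that evaluates each active SSLProtocol line the way mod_ssl applies its tokens. It assumes that "all" includes SSLv3, as the directives above imply; the script name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example (not OnApp's code). Assumes "all" includes SSLv3, as the
# directives on this page imply.

# sslv3_on TOKEN... : succeed if the SSLProtocol tokens leave SSLv3 enabled.
# mod_ssl applies tokens left to right: +X adds, -X removes, bare X replaces.
sslv3_on() {
    v3=0
    for tok in "$@"; do
        name=$(printf '%s' "${tok#[+-]}" | tr 'A-Z' 'a-z')
        case "$name" in
            all|sslv3)
                case "$tok" in -*) v3=0 ;; *) v3=1 ;; esac ;;
            *)  # another protocol: only a bare token (replace) drops SSLv3
                case "$tok" in [+-]*) ;; *) v3=0 ;; esac ;;
        esac
    done
    [ "$v3" -eq 1 ]
}

# check_conf FILE : print active SSLProtocol lines that still allow SSLv3
# as "FILE:LINE: text"; fail if any were found.
check_conf() {
    f=$1 bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f      # word-split without globbing
        [ $# -gt 0 ] || continue
        d=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
        [ "$d" = sslprotocol ] || continue   # skips comments, other directives
        shift
        if sslv3_on "$@"; then
            printf '%s:%s: %s\n' "$f" "$n" "$line"
            bad=1
        fi
    done < "$f"
    [ "$bad" -eq 0 ]
}

# Usage (hypothetical script name): sh check_sslv3.sh /etc/httpd/conf.d/onapp.conf
if [ $# -gt 0 ]; then
    rc=0
    for conf in "$@"; do check_conf "$conf" || rc=1; done
    exit "$rc"
fi
```

A non-zero exit status means at least one listed line still needs -SSLv3.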
More information on the vulnerability can be found at https://access.redhat.com/security/cve/CVE-2014-3566. Currently, there is no patch available. Thus, disabling SSLv3 is highly recommended.