How to disable SSLv1/SSLv2/SSLv3 protocols to block Poodle to Apache 2.4.9 on Windows Server 2008 R2?
Solution 1
The Apache SSL settings have nothing to do with the PHP "Registered Stream Socket Transports". Simply put, TLSv1.1 and 1.2 aren't supported by PHP 5.5. Upgrade to PHP 5.6 and you'll see:
Registered Stream Socket Transports:
tcp, udp, unix, udg, ssl, sslv3, sslv2, tls, tlsv1.0, tlsv1.1, tlsv1.2
Solution 2
In conf.d/ssl.conf, conf/extra/httpd-ssl.conf, or wherever else you have your mod_ssl settings configured:
SSLProtocol All -SSLv2 -SSLv3
SSLv1 isn't a thing in mod_ssl. The All directive is a shortcut for +SSLv2 +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2, hence the manual removal of v2 and v3.
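An added example, not part of the original answer and not mod_ssl's own code: a Python check that reads an Apache config, evaluates each SSLProtocol line token by token (such as All followed by removals), and reports every scope that still allows SSLv2 or SSLv3. The scoping rule (a VirtualHost's own directive replaces the global one), the fallback to All when nothing is set, and the sample config are assumptions of this example.

```python
# "All" as the answer above expands it; the real set depends on the build (assumption).
ALL = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
CANON = {p.lower(): p for p in ALL}
WEAK = {"SSLv2", "SSLv3"}

def effective(tokens):
    """One SSLProtocol line, evaluated left to right from an empty set:
    +X adds, -X removes, a bare X replaces whatever was set before it."""
    enabled = set()
    for tok in tokens:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = set(ALL) if name.lower() == "all" else {CANON[name.lower()]}
        enabled = (enabled | group if sign == "+" else
                   enabled - group if sign == "-" else group)
    return enabled

def audit(conf_text, default="All"):
    """Weak protocols still allowed in 'global' and in each <VirtualHost>.
    Assumed: a vhost directive replaces the global one; `default` if none."""
    scope, seen, vhosts = "global", {}, []
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "<virtualhost":
            scope = " ".join(parts[1:]).rstrip(">")
            vhosts.append(scope)
        elif key == "</virtualhost>":
            scope = "global"
        elif key == "sslprotocol":
            seen[scope] = parts[1:]  # last directive in a scope wins
    glob = seen.get("global", [default])
    return {s: sorted(effective(seen.get(s, glob)) & WEAK) for s in ["global", *vhosts]}

# Constructed sample config (not from the page): one vhost forgets -SSLv3.
SAMPLE = """SSLProtocol All -SSLv2 -SSLv3
<VirtualHost _default_:443>
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    SSLProtocol All -SSLv2
</VirtualHost>
<VirtualHost 192.0.2.11:443>
    SSLProtocol -All +TLSv1.2
</VirtualHost>
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty list for a scope means neither SSLv2 nor SSLv3 is enabled there; a per-vhost override that drops the `-SSLv3` shows up under that vhost's name.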
Mike
Updated on September 18, 2022
Comments
-
Mike over 1 year
How can I disable SSLv1, SSLv2 and SSLv3 protocols on Apache 2.4.9 installed on a Windows Server 2008 R2 as a service? (I am not using IIS.)
I still want to have TLSv1.2 protocol on my server.
Here are some of my environment variables:
SERVER_SOFTWARE Apache/2.4.9 (Win32) PHP/5.5.12 OpenSSL/1.0.1g
SSL_PROTOCOL TLSv1.2
Registered Stream Socket Transports tcp, udp, ssl, sslv3, sslv2, tls
-
Mike over 9 years
Does this mean I should add SSLProtocol All -SSLv2 -SSLv3 inside this block <VirtualHost _default_:443> in the httpd-ssl.conf file, which will remove SSLv2 and SSLv3 and leave the TLSv* open?
-
Hyppy over 9 years
You can do it globally or modify it individually for VirtualHosts, your choice.
-
Mike over 9 years
How can I do it globally?
-
Hyppy over 9 years
In conf.d/ssl.conf, conf/extra/httpd-ssl.conf, or wherever else you have your mod_ssl defaults configured. Probably the second one.
-
Mike over 9 years
I am trying to make this change on a testing server, so I added SSLProtocol All -SSLv2 -SSLv3 to the file conf/extra/httpd-ssl.conf, but "Registered Stream Socket Transports" still has "tcp, udp, ssl, sslv3, sslv2, tls" when looking at the php_info() file.
-
Mike over 9 years
I even tried this
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1.2