How to disable SSLv1/SSLv2/SSLv3 protocols to block POODLE on Apache 2.4.9 on Windows Server 2008 R2?

Solution 1

The Apache SSL settings have nothing to do with the PHP "Registered Stream Socket Transports". Simply put, TLSv1.1 and 1.2 aren't supported by PHP 5.5. Upgrade to PHP 5.6 and you'll see:

Registered Stream Socket Transports:
tcp, udp, unix, udg, ssl, sslv3, sslv2, tls, tlsv1.0, tlsv1.1, tlsv1.2

Solution 2

In conf.d/ssl.conf, conf/extra/httpd-ssl.conf, or wherever else you have your mod_ssl settings configured:

SSLProtocol All -SSLv2 -SSLv3

SSLv1 isn't a thing in mod_ssl. The All directive is a shortcut for +SSLv2 +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2, hence the manual removal of v2 and v3.
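A quick way to audit a configuration for the setting described in Solution 2, as an added example that is not part of the original answer: it evaluates each SSLProtocol line left to right and reports any SSLv2/SSLv3 still enabled, per context. The function names and the sample configuration are constructed for illustration, and the expansion of All is the one stated in the answer.

```python
import re

# Expansion of "All" as stated in Solution 2; the real set depends on the
# httpd/OpenSSL build, so adjust ALL to match the server being audited.
ALL = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
WEAK = {"SSLv2", "SSLv3"}
CANON = {p.lower(): p for p in ALL}  # protocol names are case-insensitive

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right: +add, -remove, bare=replace."""
    enabled = set()
    for token in args.split():
        name = token.lstrip("+-").lower()
        if name != "all" and name not in CANON:
            raise ValueError(f"unknown protocol {token!r}")
        chosen = set(ALL) if name == "all" else {CANON[name]}
        if token.startswith("+"):
            enabled |= chosen
        elif token.startswith("-"):
            enabled -= chosen
        else:  # a bare name replaces whatever was set so far
            enabled = chosen
    return enabled

def audit(conf_text):
    """Return {context: [weak protocols still enabled]} for every SSLProtocol line."""
    findings, context = {}, "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        directive = re.match(r"SSLProtocol\s+(.+)", line, re.I)
        if opened:
            context = "VirtualHost " + opened.group(1).strip()
        elif line.lower().startswith("</virtualhost"):
            context = "global"
        elif directive:
            findings[context] = sorted(effective_protocols(directive.group(1)) & WEAK)
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = ("SSLProtocol All -SSLv2 -SSLv3\n"
          "<VirtualHost 192.0.2.10:443>\n  SSLProtocol All -SSLv2\n</VirtualHost>\n")

if __name__ == "__main__":
    for ctx, weak in audit(SAMPLE).items():
        print(ctx, "->", "still enables " + ", ".join(weak) if weak else "OK")
```

A VirtualHost with no SSLProtocol line of its own does not appear in the result, since it takes the global setting.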

Author: Mike

Updated on September 18, 2022

Comments

  • Mike
    Mike over 1 year

    How can I disable SSLv1, SSLv2 and SSLv3 protocols on Apache 2.4.9 installed on a Windows Server 2008 R2 as a service? (I am not using IIS.)

    I still want to have TLSv1.2 protocol on my server.

    Here are some of my environment variables:

    SERVER_SOFTWARE                          Apache/2.4.9 (Win32) PHP/5.5.12 OpenSSL/1.0.1g 
    SSL_PROTOCOL                             TLSv1.2 
    Registered Stream Socket Transports      tcp, udp, ssl, sslv3, sslv2, tls
    
  • Mike
    Mike over 9 years
    Does this mean I should add SSLProtocol All -SSLv2 -SSLv3 inside this block <VirtualHost _default_:443> in the httpd-ssl.conf file? Which will remove SSLv2 and SSLv3 and leave the TLSv* open?
  • Hyppy
    Hyppy over 9 years
    You can do it globally or modify it individually for Virtualhosts, your choice.
  • Mike
    Mike over 9 years
    How can I do it globally?
  • Hyppy
    Hyppy over 9 years
    In conf.d/ssl.conf, conf/extra/httpd-ssl.conf, or wherever else you have your mod_ssl defaults configured. Probably the second one.
  • Mike
    Mike over 9 years
    I am trying to make this change on a testing server, so I added SSLProtocol All -SSLv2 -SSLv3 to the file conf/extra/httpd-ssl.conf, but "Registered Stream Socket Transports" still has "tcp, udp, ssl, sslv3, sslv2, tls" when looking at the php_info() file.
  • Mike
    Mike over 9 years
    I even tried this: SSLHonorCipherOrder On SSLProtocol -All +TLSv1.2