Has anyone else remove SSLv3 from their Cipher Suites?

[ughosting]

Whilst we've not seen any shared hosting customers affected by this, we've had larger infrastructure clients requesting to have this removed due to POODLE.

We've followed suit and down the shared/reseller servers fixed too.

Anyone else done this?

 

[24x7server]

Hi,

Yes, we have done this on many of the servers. Some of them were patched successfully and some of them were not. The SSL certificate on the same server gives some strange behavior like one gives handshake okay and other shows no handshake on SSLv3.

I guess this is not yet affecting as such.

 

[MarkPoppen]

Hi,

Yes, we have done this on many of the servers. Some of them were patched successfully and some of them were not. The SSL certificate on the same server gives some strange behavior like one gives handshake okay and other shows no handshake on SSLv3.

I guess this is not yet affecting as such.

We have the handshaking issue. Can't quite figure out how to fix it.

 

[ughosting]

In your apache config, somewhere it will list the protocols that your apache will attempt, in the order it will attempt to negotiate the connection in.
In theory you just remove SSLv3 from the list.

If you have no such list, and an implied default is present, then insert the configuration without SSLv3, and you should be fine.

Don't forget to restart apache after you make the change.