The following are the instructions to turn off SSLv3 on the ScrumWorks sites for
POODLE vulnerability:
-
Add SSLProtocol -SSLv3 +TLSv1 -SSLv2 in the
etc/httpd/conf/httpd.conf file as shown below:
SSLEngine on
SSLProtocol -SSLv3 +TLSv1 -SSLv2
-
Perform a graceful restart:
-
Run the following command to confirm if SSLv3 has been disabled:
- /usr/bin/openssl s_client -crlf -connect hostname:port
-ssl3